Lucene search
PRIOn knowledge basePRION:CVE-2022-40849HistoryDec 01, 2022 - 5:15 a.m.
Cross site scripting
2022-12-0105:15:00
PRIOn knowledge base
www.prio-n.com
1
thinkcmf version 6.0.7
stored cross-site scripting
xss
slideshow management
persistent
javascript code
php session token
0.001 Low
EPSS
Percentile
24.9%
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator’s PHP session token (PHPSESSID).
References
Related
osv
osv
CVE-2022-40849
2022-12-01 05:15:11
ThinkCMF Stored Cross-Site Scripting (XSS)
2022-12-01 06:30:25
github
github
ThinkCMF Stored Cross-Site Scripting (XSS)
2022-12-01 06:30:25
cve
cve
CVE-2022-40849
2022-12-01 05:15:11
veracode
veracode
Cross-site Scripting (XSS)
2022-12-02 04:03:28
nvd
nvd
CVE-2022-40849
2022-12-01 05:15:11
cvelist
cvelist
CVE-2022-40849
2022-12-01 00:00:00