Lucene search
Veracode Vulnerability DatabaseVERACODE:38319HistoryDec 02, 2022 - 4:03 a.m.
Cross-site Scripting (XSS)
2022-12-0204:03:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
thinkcmf
cross-site scripting
vulnerability
slideshow management
insufficient sanitization
malicious javascript
software
0.001 Low
EPSS
Percentile
24.9%
thinkcmf/thinkcmf is vulnerable to cross-site scripting.The vulnerability exists in multiple functions due to insufficient sanitization of the slideshow management section which allows an attacker to inject and execute malicious JavaScript into the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| thinkcmf/thinkcmf | le | v6.0.7 | |
| thinkcmf/thinkcmf | le | v6.0.7 |
Related
prion
prion
Cross site scripting
2022-12-01 05:15:00
osv
osv
CVE-2022-40849
2022-12-01 05:15:11
ThinkCMF Stored Cross-Site Scripting (XSS)
2022-12-01 06:30:25
cve
cve
CVE-2022-40849
2022-12-01 05:15:11
github
github
ThinkCMF Stored Cross-Site Scripting (XSS)
2022-12-01 06:30:25
nvd
nvd
CVE-2022-40849
2022-12-01 05:15:11
cvelist
cvelist
CVE-2022-40849
2022-12-01 00:00:00