exploitDog

CVE-2022-40849

Опубликовано: 01 дек. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PHPSESSID).

Ссылки

https://github.com/thinkcmf/thinkcmf/issues/737
Exploit
Issue Tracking
Third Party Advisory
https://github.com/thinkcmf/thinkcmf/issues/737
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thinkcmf:thinkcmf:6.0.7:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00198

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-m9mf-rqx6-2xpc

CVSS3: 5.4

github

около 3 лет назад

ThinkCMF Stored Cross-Site Scripting (XSS)

EPSS

Процентиль: 42%

0.00198

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79