Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2022-40849 ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that executes arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PHPSESSID). | CVSS3: 5.4 | 0% Low | about 3 years ago |
| GHSA-m9mf-rqx6-2xpc ThinkCMF Stored Cross-Site Scripting (XSS) | CVSS3: 5.4 | 0% Low | about 3 years ago |