CVE-2024-33102

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-33102

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33102.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-33102

Published

2024-04-30T18:15:19Z

Modified

2025-04-23T10:44:04.512433Z

Summary

[none]

Details

A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter.

References

https://github.com/thinksaas/ThinkSAAS/issues/35

Affected packages

Git / github.com/thinksaas/thinksaas

Affected ranges

Type: GIT
Repo: https://github.com/thinksaas/thinksaas
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

dc668ebe038237df7e3ec78455c141fb4f3789d4

Affected versions

3.*

3.1

3.2

3.21

3.22

3.23

3.3

3.33

3.69

3.70