CVE-2024-6942

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6942

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6942.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6942

Published

2024-07-21T07:15:05.887Z

Modified

2025-11-20T12:31:43.497592Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272064.

References

Affected packages

Git / github.com/thinksaas/thinksaas

Affected ranges

Type: GIT
Repo: https://github.com/thinksaas/thinksaas
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

dc668ebe038237df7e3ec78455c141fb4f3789d4

Affected versions

3.*

3.1

3.2

3.21

3.22

3.23

3.3

3.33

3.69

3.70