An issue exists in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
thinksaas thinksaas 2.91 |