CVE-2022-40849

CVSS V2 None CVSS V3 None
Description
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PHPSESSID).
Overview
  • CVE ID
  • CVE-2022-40849
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-01T05:15:11.890
  • Last Modified Date
  • 2022-12-02T17:24:33.243
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:thinkcmf:thinkcmf:6.0.7:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://github.com/thinkcmf/thinkcmf/issues/737 Exploit Issue Tracking Third Party Advisory
History
Created Old Value New Value Data Type Notes
2022-12-07 18:05:44 Added to TrackCVE