Chandlerchin

**Name of the Vulnerable Software and Affected Versions** ThinkSAAS version 2.91 **Description** An issue was discovered that allows for XSS via the `index.php?app=group&ac=create&ts=do` endpoint, specifically through the `groupname` parameter. **Recommendations** For ThinkSAAS version 2.91, consider restricting access to the `index.php?app=group&ac=create&ts=do` endpoint to minimize the risk of exploitation, and avoid using the `groupname` parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.