Thinksaas · Thinksaas · CVE-2018-15130
**Name of the Vulnerable Software and Affected Versions**
ThinkSAAS versions prior to 2018-07-25
**Description**
ThinkSAAS is vulnerable to cross-site scripting (XSS) through the `groupdesc` parameter of the `index.php?app=group&ac=create&ts=do` endpoint.
**Recommendations**
On installations running a version prior to 2018-07-25, avoid using the `groupdesc` parameter of the `index.php?app=group&ac=create&ts=do` endpoint until the issue is resolved.
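
One way to enforce this recommendation on an unpatched install is a request filter placed in front of the application. The PHP below is an added example, not ThinkSAAS code or the vendor's fix; the function names, loading through `auto_prepend_file`, routing by the `app`/`ac`/`ts` parameters, and the choice to HTML-encode the description are assumptions.

```php
<?php
// Added example: stop-gap filter for the groupdesc XSS (CVE-2018-15130).
// Assumptions, not from the advisory: this file is loaded before index.php
// (e.g. via the php.ini directive auto_prepend_file), requests are routed by
// the app/ac/ts parameters shown in the advisory URL, and group descriptions
// can be stored as plain text. All function names are hypothetical.

// True when the request targets index.php?app=group&ac=create&ts=do.
function is_group_create_request(array $params): bool
{
    return ($params['app'] ?? null) === 'group'
        && ($params['ac'] ?? null) === 'create'
        && ($params['ts'] ?? null) === 'do';
}

// HTML-encode the submitted description so any markup is kept as inert text.
function neutralize_groupdesc($value): string
{
    // groupdesc[]=... arrives as an array; a description must be a string.
    if (!is_string($value)) {
        return '';
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Rewrite groupdesc in one input array, if present.
function filter_groupdesc(array &$input): void
{
    if (array_key_exists('groupdesc', $input)) {
        $input['groupdesc'] = neutralize_groupdesc($input['groupdesc']);
    }
}

// Routing parameters may arrive in the query string or the body; check both.
if (is_group_create_request(array_merge($_GET, $_POST))) {
    // Cover every superglobal the application might read the value from.
    filter_groupdesc($_GET);
    filter_groupdesc($_POST);
    filter_groupdesc($_REQUEST);
}
```

The filter does not remove the flaw itself; it only keeps markup in `groupdesc` from reaching the application until the install is moved to a version from 2018-07-25 or later.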