CVE-2019-16665

Name of the Vulnerable Software and Affected Versions ThinkSAAS version 2.91

Description An issue was discovered where there is a potential for XSS via the content to the "index.php?app=group&ac=comment&ts=do&js=1" URI. This can be demonstrated by a crafted SVG document in the SRC attribute of an EMBED element.

Recommendations For ThinkSAAS version 2.91, as a temporary workaround, consider restricting access to the "index.php?app=group&ac=comment&ts=do&js=1" URI to minimize the risk of exploitation. Avoid using crafted SVG documents in the SRC attribute of an EMBED element until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.