CVE-2024-33101

Name of the Vulnerable Software and Affected Versions ThinkSAAS version 3.7.0

Description A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter.

Recommendations For ThinkSAAS version 3.7.0, consider disabling access to the /action/anti.php component until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict the use of the word parameter in the affected component to minimize the risk of arbitrary web script execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.