CVE-2024-33102

Name of the Vulnerable Software and Affected Versions ThinkSAAS version 3.7.0

Description A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter. This enables attackers to potentially manipulate the web application's behavior or steal user data.

Recommendations For ThinkSAAS version 3.7.0, consider disabling access to the /pubs/counter.php component until a patch is available to prevent exploitation of the stored XSS vulnerability. Additionally, restrict the use of the code parameter in the affected component to minimize the risk of arbitrary script execution.