PT-2024-37980 · Thinksaas · Thinksaas
Jiashenghe · Published 2024-07-21 · Updated 2024-09-20 · CVE-2024-6942
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ThinkSAAS version 3.7.0
Description
A cross-site scripting vulnerability was found in the Admin Panel Security Center component, specifically in the file app/system/action/anti.php. Manipulation of the ip, email, or phone argument leads to cross-site scripting. This issue can be exploited remotely.
Recommendations
For ThinkSAAS version 3.7.0, consider disabling the affected function in the app/system/action/anti.php file as a temporary workaround until a patch is available. Restrict access to the Admin Panel Security Center to minimize the risk of exploitation. Avoid using the ip, email, or phone arguments in the affected component until the issue is resolved.
Exploit
Fix
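The page does not carry the vendor's patch, so the following is an added example and not ThinkSAAS code: it shows the general fix for a reflected XSS of this shape, where request values such as ip, email and phone are rendered into an admin page. The function names (render_row_unsafe, render_row_safe, normalize_entry, h) and the sample input are assumptions made for the illustration; the argument names come from the advisory.

```php
<?php
// Added example, not taken from ThinkSAAS. Demonstrates the fix pattern for
// reflected XSS in an admin page that displays ip / email / phone values.

// Unsafe pattern (hypothetical): request values interpolated into HTML verbatim.
// Any markup in $row['phone'] etc. is rendered by the admin's browser.
function render_row_unsafe(array $row): string
{
    return "<tr><td>{$row['ip']}</td><td>{$row['email']}</td><td>{$row['phone']}</td></tr>";
}

// Contextual output encoding for an HTML text/attribute context.
// ENT_QUOTES encodes both quote styles, ENT_SUBSTITUTE avoids silently
// dropping the output on invalid UTF-8.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Allow-list validation for fields that have a well-defined shape. Values
// that fail validation are replaced with an empty string rather than echoed.
function normalize_entry(array $input): array
{
    $ip    = filter_var($input['ip'] ?? '', FILTER_VALIDATE_IP);
    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $phone = $input['phone'] ?? '';
    if (!preg_match('/^\+?[0-9 ()\-]{3,20}$/', $phone)) {
        $phone = false;
    }
    return [
        'ip'    => $ip === false ? '' : $ip,
        'email' => $email === false ? '' : $email,
        'phone' => $phone === false ? '' : $phone,
    ];
}

// Hardened pattern: validate first, then encode every value at the point of
// output. Encoding is the control that actually prevents XSS; validation
// only narrows what reaches the page.
function render_row_safe(array $row): string
{
    $row = normalize_entry($row);
    return '<tr><td>' . h($row['ip']) . '</td>'
         . '<td>' . h($row['email']) . '</td>'
         . '<td>' . h($row['phone']) . '</td></tr>';
}

// Constructed sample input standing in for a request to the security center
// form. The phone value carries markup to show that it is neutralized.
$sample = [
    'ip'    => '203.0.113.5',
    'email' => 'user@example.com',
    'phone' => '<b>123</b>',
];
echo render_row_safe($sample), PHP_EOL;
```

Running this prints a table row in which the ip and email survive (they pass validation and contain nothing to encode) and the phone cell is empty, because the markup fails the allow-list. If the allow-list were relaxed, h() would still encode the angle brackets, so the fix does not depend on validation alone. For the workaround given above (restricting who can reach the Admin Panel Security Center), the same principle applies: the encoding belongs in the view regardless of how trusted the caller is, since an administrator's session is exactly what a stored or reflected payload in this component would target.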
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Thinksaas