CVE-2023-3541
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
A vulnerability has been found in ThinuTech ThinuCMS version 1.5 that allows cross-site scripting (XSS) attacks through manipulation of the 'author' argument in the /author_posts.php file. Injecting malicious scripts can lead to unauthorized code execution in users' browsers.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a risk of user data theft and session hijacking. This could lead to serious security breaches within the organization.
Recommendation
It is recommended to update ThinuCMS to the latest version that addresses this vulnerability. Additionally, implementing protections against script injection in the application is advisable.
Original NVD description (English source)
A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12<script>alert(1)</script>o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability.

