CVE-2020-29315: "Cross-site scripting in ThinkAdmin"
CVSS Score: 5.4 (CVSS v3.1)
Basic Information
CVE ID: CVE-2020-29315
GHSA ID:
EPSS Score: 0.42677%
CWE:
Published: 5/6/2021
Updated: 2/1/2023
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| zoujingli/thinkadmin | composer | < 6.0.22 | 6.0.22 |
Vulnerability Intelligence (Miggo AI)
Root Cause Analysis
The vulnerability manifests in the user management functionality: (1) input handlers accept unsanitized HTML in the nickname field and store it, giving the payload persistence (stored XSS); (2) output rendering displays the stored value without escaping it. The exact code is not available, but the pattern matches common stored XSS in MVC frameworks where user input is neither filtered before storage nor encoded on output. The medium confidence reflects that this analysis matches the vulnerability pattern to typical framework architecture rather than relying on direct code analysis.