PT-2023-25791 · Seacms · Seacms
Published
2023-07-06
·
Updated
2023-07-11
·
CVE-2023-37125
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SEACMS version 12.1
Description
A stored cross-site scripting (XSS) issue in the Management Custom label module allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This can lead to the execution of malicious code on the client-side.
Recommendations
For SEACMS version 12.1, consider disabling the Management Custom label module until a patch is available to prevent exploitation of the stored XSS issue. Restrict access to this module to minimize the risk of arbitrary web script or HTML execution.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Seacms