CVE-2024-44918

Name of the Vulnerable Software and Affected Versions SeaCMS version 12.9

Description A cross-site scripting (XSS) vulnerability in the admin datarelate.php component allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This issue enables attackers to run any web script or HTML, potentially leading to unauthorized actions on the affected system.

Recommendations For SeaCMS version 12.9, consider disabling the admin datarelate.php component until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to this component to minimize the risk of exploitation. Avoid using any potentially vulnerable functions or parameters within the admin datarelate.php component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.