PT-2024-31305 · Seacms · Seacms
Nn0Nkey
·
Published
2024-08-29
·
Updated
2024-09-06
·
CVE-2024-44919
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SeaCMS version 12.9
Description
A cross-site scripting (XSS) issue in the admin ads.php component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
ad description parameter. This enables attackers to run any web scripts or HTML.Recommendations
For SeaCMS version 12.9, consider disabling the
admin ads.php component or restricting access to it until a patch is available. Avoid using the ad description parameter in the affected component to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Seacms