CVE-2020-36932

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SeaCMS version 11.1

Description The software contains a stored cross-site scripting issue in the checkuser parameter of the admin settings page. An attacker can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded. The vulnerable parameter is checkuser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-36932

Affected Products

Seacms

CVE-2020-36932

Weakness Enumeration

Related Identifiers

Affected Products

References · 6