CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26642
https://notcve.org/view.php?id=CVE-2020-26642
28 May 2021 — A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML. Se ha detectado una vulnerabilidad de tipo cross-site scripting (XSS) en la página de inicio de sesión de SeaCMS versión 11, que permite a un atacante inyectar script web o HTML arbitrario • https://www.chinapyg.com/thread-137805-1-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-21378
https://notcve.org/view.php?id=CVE-2020-21378
21 Dec 2020 — SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. Una vulnerabilidad de inyección SQL en SeaCMS versión 10.1 (2020.02.08), por medio del parámetro id en una acción de edición para el archivo admin_members_group.php • https://github.com/sukusec301/SeaCMS-v10.1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8418
https://notcve.org/view.php?id=CVE-2019-8418
17 Feb 2019 — SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. SeaCMS 7.2 gestiona de manera incorrecta las peticiones member.php?mod=repsw4. • https://github.com/seacms/seacms-v7.2/issues/2 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19350
https://notcve.org/view.php?id=CVE-2018-19350
17 Nov 2018 — In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. En SeaCMS v6.6.4, hay Cross-Site Scripting (XSS) persistente mediante el parámetro email en member.php?action=chgpwdsubmit durante un cambio de contraseña, tal y como queda demostrado con una URL data: en un elemento OBJECT. • https://github.com/Xmansec/seacms_vul/tree/master/XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19349
https://notcve.org/view.php?id=CVE-2018-19349
17 Nov 2018 — In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. En SeaCMS v6.64, hay una inyección SQL mediante el parámetro topic en admin_makehtml.php debido a la gestión incorrecta de include/mkhtml.func.php. • https://github.com/Xmansec/seacms_vul/blob/master/SQL/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2018-17365
https://notcve.org/view.php?id=CVE-2018-17365
26 Sep 2018 — SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. SeaCMS versión 6.64 y versión 7.2 permite a los atacantes remotos eliminar archivos arbitrarios mediante el parámetro filedir. • http://blog.51cto.com/13770310/2177226 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17321
https://notcve.org/view.php?id=CVE-2018-17321
22 Sep 2018 — An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action. Se ha descubierto un problema en SeaCMS 6.64. Existe Cross-Site Scripting (XSS) en admin_datarelate.php a través de los parámetros time o maxHit en una acción dorandomset. • https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability_14.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16822
https://notcve.org/view.php?id=CVE-2018-16822
21 Sep 2018 — SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. SeaCMS 6.64 permite inyección SQL mediante el parámetro order en upload/admin/admin_video.php. • http://blog.51cto.com/13770310/2177214 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16821
https://notcve.org/view.php?id=CVE-2018-16821
21 Sep 2018 — SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. SeaCMS 6.64 permite el listado de directorios arbitrario mediante peticiones en upload/admin/admin_template.php?path=.. • http://blog.51cto.com/13770310/2177212 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17062
https://notcve.org/view.php?id=CVE-2018-17062
16 Sep 2018 — An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter. Se ha descubierto un problema en SeaCMS 6.64. Existe Cross-Site Scripting (XSS) en admin_video.php mediante los parámetros action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney y v_ispsd. • https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •