CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11583
https://notcve.org/view.php?id=CVE-2018-11583
31 May 2018 — SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. SeaCMS 6.61 tiene Cross-Site Scripting (XSS) persistente en admin_collect.php mediante el parámetro siteurl. • https://gist.github.com/alice19940905/88b194b89e83c5c0a394f7f297111e12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2017-17561
https://notcve.org/view.php?id=CVE-2017-17561
12 Dec 2017 — SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php. SeaCMS 6.56 permite que administradores autenticados remotos ejecuten código PHP arbitrario mediante un campo de token manipulado en admin/admin_ping.php, que interactúa con data/admin/ping.php. • http://www.jianshu.com/p/35af80b97ee6 •