CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action. • https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability_14.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. • http://blog.51cto.com/13770310/2177214 • http://www.seacms.net/thread-6251-1-1.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. • http://blog.51cto.com/13770310/2177212 • http://www.seacms.net/thread-6249-1-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter. • https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request. • https://github.com/MichaelWayneLIU/seacms/blob/master/seacms4.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')