CVE-2018-12431

SeaCMS V6.61 is vulnerable to Cross‑Site Scripting via the site name parameter on adm1n/admin_config.php (system management page). The root cause is an XSS flaw in the site name input; impact is user‑visible script injection. The connected records confirm the vulnerability across multiple sources...