SeaCMS cross-site scripting vulnerability (CNVD-2019-08330)

SeaCMS Ocean CMS is a professional open source free PHP film and television system. A stored cross-site scripting vulnerability exists in SeaCMS 6.6.4, which can be exploited by an attacker during a password change via the member.php?action=chgpwdsubmit email parameter...

Cross site scripting

In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element...