2 matches found
CVE-2018-19350
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element...
CVE-2018-19350
SeaCMS v6.6.4 is vulnerable to a stored XSS via the email parameter in member.php?action=chgpwdsubmit during password changes. The issue is demonstrated by a data: URL inside an OBJECT element. Confirmed by multiple sources (NVD entry CVE-2018-19350 and CNVD/CVEs referencing SeaCMS 6.6.4). The vu...