17 matches found
CVE-2020-26642
A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.
CVE-2025-25514
Seacms
CVE-2025-25799
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.
CVE-2024-42598
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute...
CVE-2024-44683
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php.
CVE-2024-39036
SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.
CVE-2024-7163
A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit ha...
CVE-2024-7161
A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery. T...
CVE-2018-14517
SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields.
CVE-2024-44920
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter.
CVE-2021-29313
Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php,
CVE-2023-2926
A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit ha...
CVE-2018-17321
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
CVE-2018-11583
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter.
CVE-2020-28846
Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.
CVE-2018-17062
An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter.
CVE-2024-40570
SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php component.