Xmansec

1 exploit Active since Nov 2018
CVE-2018-19350 WRITEUP MEDIUM WRITEUP
SeaCMS v6.6.4 - Stored Cross-Site Scripting via Email Parameter in Password Change
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
CVSS 5.4