CVE-2020-36932

MEDIUM

SeaCMS 11.1 - XSS

Title source: llm

Description

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.

Exploits (1)

exploitdb WORKING POC

by j5s · textwebappsmultiple

https://www.exploit-db.com/exploits/49251

View Code ZIP pw:eip

References (3)

[Exploit, VDB Entry] https://www.exploit-db.com/exploits/49251

[Product] https://www.seacms.net/

[Third Party Advisory] https://www.vulncheck.com/advisories/seacms-checkuser-stored-xss

Scores

CVSS v3 6.1

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

seacms/seacms 11.1

Seacms/Seacms < 11.1

Published Jan 25, 2026

Tracked Since Feb 18, 2026