Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Seacms
(Seacms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 64 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-10 | CVE-2023-44846 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. | Seacms | 8.8 | ||
| 2023-10-10 | CVE-2023-44847 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. | Seacms | 7.2 | ||
| 2024-07-28 | CVE-2024-7161 | A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272575. | Seacms | 6.5 | ||
| 2024-07-28 | CVE-2024-7162 | A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272576. | Seacms | 5.4 | ||
| 2023-10-25 | CVE-2023-46010 | An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | Seacms | 9.8 | ||
| 2024-07-28 | CVE-2024-7163 | A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272577 was assigned to this vulnerability. | Seacms | 6.1 | ||
| 2024-08-29 | CVE-2024-44919 | A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter. | Seacms | 5.4 | ||
| 2024-08-26 | CVE-2024-41444 | SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. | Seacms | 9.8 | ||
| 2024-08-30 | CVE-2024-44683 | Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | Seacms | 6.1 | ||
| 2024-09-03 | CVE-2024-44920 | A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | Seacms | 6.1 |