Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Seacms
(Seacms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 75 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-07-28 | CVE-2024-7162 | A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272576. | Seacms | 5.4 | ||
| 2024-07-28 | CVE-2024-7163 | A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272577 was assigned to this vulnerability. | Seacms | 6.1 | ||
| 2024-08-29 | CVE-2024-44919 | A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter. | Seacms | 5.4 | ||
| 2024-08-26 | CVE-2024-41444 | SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. | Seacms | 9.8 | ||
| 2024-09-03 | CVE-2024-44920 | A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | Seacms | 6.1 | ||
| 2024-09-03 | CVE-2024-44921 | SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | Seacms | 9.8 | ||
| 2018-09-26 | CVE-2018-17365 | SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. | Seacms | 7.5 | ||
| 2019-02-17 | CVE-2019-8418 | SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. | Seacms | 8.8 | ||
| 2018-11-17 | CVE-2018-19350 | In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. | Seacms | 5.4 | ||
| 2018-11-17 | CVE-2018-19349 | In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. | Seacms | 7.2 |