CVE-2018-19350

Published November 17th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

3.5

LOW

Affected

PROJECT

Description

In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.

Xmansec/seacms_vul

Vulnerabilities of seacms.

GitHub