CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-19350

In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.1%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://github.com/Xmansec/seacms_vul/tree/master/XSS
https://github.com/Xmansec/seacms_vul/tree/master/XSS

Products affected by CVE-2018-19350

Seacms » Seacms » Version: 6.64

cpe:2.3:a:seacms:seacms:6.64

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19350

Products

Pricing

Contact Us