An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-07-08
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page).
CVSS Score
4.8
EPSS Score
0.002
Published
2018-06-14
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-05-31
Page 4