Vulnerabilities > Seacms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-18 | CVE-2021-37358 | SQL Injection vulnerability in Seacms 20210530 SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=". | 7.5 |
| 2021-08-17 | CVE-2021-29313 | Cross-site Scripting vulnerability in Seacms 12.6 Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php, | 4.3 |
| 2021-08-17 | CVE-2020-28846 | Cross-Site Request Forgery (CSRF) vulnerability in Seacms 10.7 Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account. | 4.3 |
| 2021-05-28 | CVE-2020-26642 | Cross-site Scripting vulnerability in Seacms 11.0 A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML. | 4.3 |
| 2020-12-21 | CVE-2020-21378 | SQL Injection vulnerability in Seacms 10.1 SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. | 7.5 |
| 2019-02-17 | CVE-2019-8418 | Unspecified vulnerability in Seacms 7.2 SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. | 4.0 |
| 2018-11-17 | CVE-2018-19350 | Cross-site Scripting vulnerability in Seacms 6.64 In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. | 3.5 |
| 2018-11-17 | CVE-2018-19349 | SQL Injection vulnerability in Seacms 6.64 In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. | 6.5 |
| 2018-09-26 | CVE-2018-17365 | Path Traversal vulnerability in Seacms 6.64/7.2 SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. | 6.4 |
| 2018-09-22 | CVE-2018-17321 | Cross-site Scripting vulnerability in Seacms 6.64 An issue was discovered in SeaCMS 6.64. | 4.3 |