Vulnerabilities > Seacms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-03 | CVE-2024-44920 | Cross-site Scripting vulnerability in Seacms 12.9 A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | 6.1 |
| 2024-08-30 | CVE-2024-44683 | Cross-site Scripting vulnerability in Seacms 13.0 Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | 6.1 |
| 2024-08-29 | CVE-2024-44919 | Cross-site Scripting vulnerability in Seacms 12.9 A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter. | 5.4 |
| 2024-07-28 | CVE-2024-7163 | Cross-site Scripting vulnerability in Seacms 12.9 A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. | 6.1 |
| 2024-07-28 | CVE-2024-7161 | Cross-Site Request Forgery (CSRF) vulnerability in Seacms 13.0 A vulnerability classified as problematic was found in SeaCMS 13.0. | 6.5 |
| 2024-07-28 | CVE-2024-7162 | Cross-site Scripting vulnerability in Seacms 12.9/13.0 A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. | 5.4 |
| 2024-07-16 | CVE-2024-39036 | Path Traversal vulnerability in Seacms 12.9 SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php. | 6.5 |
| 2023-12-28 | CVE-2023-50470 | Cross-site Scripting vulnerability in Seacms 12.8 A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
| 2023-07-06 | CVE-2023-37124 | Cross-site Scripting vulnerability in Seacms 12.1 A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
| 2023-07-06 | CVE-2023-37125 | Cross-site Scripting vulnerability in Seacms 12.1 A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |