Stored XSS Vulnerability in SeaCMS v6.6.4 via member.php?action=chgpwdsubmit Email Parameter
CVE-2018-19350 · LOW Severity
AV:N/AC:M/AU:S/C:N/I:P/A:N
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
Learn more about our Cms Pen Testing.