Stored XSS Vulnerability in SeaCMS v6.6.4 via member.php?action=chgpwdsubmit Email Parameter

Stored XSS Vulnerability in SeaCMS v6.6.4 via member.php?action=chgpwdsubmit Email Parameter

CVE-2018-19350 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.

Learn more about our Cms Pen Testing.