CVE-2018-19350 – In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email paramet …

0

Vuln ID: CVE-2018-19350

Published:  2018-11-17  22:29:00Z

Description: In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.

Source: NVD.NIST.GOV