Skip to content

Latest commit

 

History

History
15 lines (9 loc) · 369 Bytes

seacms.md

File metadata and controls

15 lines (9 loc) · 369 Bytes

seacms V6.61 has xss vulnerability in site name parameter of admin_config.php

In login with admin and visit http://127.0.0.1/seacms/adm1n/admin_config.php to set the web site name as

<img src=x onerror=alert(1)>

Then save it.

image

There is a alert box when browse the site again.In other words,there is xss vulnerability.

image