Home

Description

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.

PUBLISHED Reserved 2026-01-25 | Published 2026-01-25 | Updated 2026-02-02 | Assigner VulnCheck




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Any version
affected

Credits

j5s finder

References

www.exploit-db.com/exploits/49251 (ExploitDB-49251) exploit

www.seacms.net/ (Official Seacms Product Homepage) product

www.vulncheck.com/advisories/seacms-checkuser-stored-xss (VulnCheck Advisory: Seacms 11.1 - 'checkuser' Stored XSS) third-party-advisory

cve.org (CVE-2020-36932)

nvd.nist.gov (CVE-2020-36932)

Download JSON