In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
seacms seacms 6.64 |