CNNVD-202601-4311 Information
CNNVD ID
CNNVD-202601-4311
Related CVE
- CNNVD Published: 2026-01-25
Description (Chinese)
SeaCMS是海洋CMS(SeaCMS)公司的一套使用PHP编写的免费、开源的网站内容管理系统。该系统主要被设计用来管理视频点播资源。 SeaCMS 11.1版本存在跨站脚本漏洞,该漏洞源于对admin设置页面中checkuser参数的清理不当,可能导致存储型跨站脚本攻击。
Description (English)
SeaCMS is a free, open-source web content management system developed by SeaCMS using PHP. The system is primarily designed to manage video on-demand resources. The SeaCMS 11.1 version has a cross-site script loophole, which results from the inappropriate clean-up of the checkuser parameters on the admin set-up page, which may result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
海洋CMS
Published
2026-01-25
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/49251 https://www.vulncheck.com/advisories/seacms-checkuser-stored-xss https://www.seacms.net/ https://access.redhat.com/security/cve/cve-2020-36932