Headline
CVE-2023-37124: SEACMS V12.1 has storage XSS vulnerability · Issue #24 · seacms-com/seacms
A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
SEACMS V12.1 has storage XSS vulnerability
A bug was found. stored xss vulnerability exists.
Only test in the test environment, do not do any illegal operations, now the bug feedback to the manufacturer
Insert the poc into the site setup module of the background system
Poc:<img src=a onerror=alert(1)>
A pop-up window occurs when you visit the home page