Headline
CVE-2023-37125: SEACMS V12.1 has storage XSS vulnerability · Issue #25 · seacms-com/seacms
A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
SEACMS V12.1 has storage XSS vulnerability
A bug was found. stored xss vulnerability exists.
Only test in the test environment, do not do any illegal operations, now the bug feedback to the manufacturer
Insert a poc into the background management custom module and the Management Custom label module
Poc:<img src=a onerror=alert(1)>