CVE-2020-36932

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-36932

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36932.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36932

Published

2026-01-25T13:15:59.560Z

Modified

2026-04-10T04:27:22.147750Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.

References

Affected packages

Git / github.com/ciweiin/seacms

Affected ranges

Type

GIT

Repo

https://github.com/ciweiin/seacms

Events

Introduced

Last affected

41d3f219aaf9a331e27d9250340b3027b831637f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.1"
        }
    ]
}

Affected versions

Other

v11

v11.*

v11.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36932.json"