CVE-2024-7163
CVSS 2.0 Score 4.0 of 10 (medium)
Details
Published Jul 28, 2024
Updated: Jul 29, 2024
CWE ID 79
Summary
CVE-2024-7163 is a newly disclosed vulnerability affecting SeaCMS 12.9. The issue lies in the index.php file located in the /js/player/dmplayer/player directory. An attacker can exploit this vulnerability by manipulating the color, vid, and url arguments, leading to a cross-site scripting (XSS) attack. This vulnerability can be exploited remotely, making it a significant security risk. The exploit has been made public, increasing the likelihood of its use in malicious activities. VDB-272577 is the identifier assigned to this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- SeaCMS