CVE-2025-50592
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A Cross-Site Scripting (XSS) vulnerability was found in SeaCMS before version 13.2 via the 'vid' parameter in Upload/js/player/dmplayer/player. It allows a remote attacker to inject malicious JavaScript code into the page.
Risk Assessment
An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or perform other actions in the victim's browser context, compromising data confidentiality and integrity.
Recommendation
Immediately update SeaCMS to version 13.2 or later, which includes a fix for the XSS vulnerability. Additionally, implement input filtering and validation for the 'vid' parameter.
Original NVD description (English source)
Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player.

