CVE Catalog

CVE-2025-50592

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile - higher than 7% of all known CVEs

Summary

A Cross-Site Scripting (XSS) vulnerability was found in SeaCMS before version 13.2 via the 'vid' parameter in Upload/js/player/dmplayer/player. It allows a remote attacker to inject malicious JavaScript code into the page.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or perform other actions in the victim's browser context, compromising data confidentiality and integrity.

Recommendation

Immediately update SeaCMS to version 13.2 or later, which includes a fix for the XSS vulnerability. Additionally, implement input filtering and validation for the 'vid' parameter.

Original NVD description (English source)

Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS