CVE-2020-36932 MEDIUM

CVE-2020-36932: Seacms 11.1 - 'checkuser' Stored XSS

Vendor Seacms
Product Seacms
Weakness CWE-79 · XSS
Published January 25, 2026
Last update May 14, 2026
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.

Key dates

02Disclosure timeline

January 25, 2026 CVE published
May 14, 2026 Record updated