A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section.

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php.

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php.

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.

SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php.

SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.