Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Seo_panel
(Seopanel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 20 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-30 | CVE-2024-22648 | A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. | Seo_panel | 5.3 | ||
| 2024-01-30 | CVE-2024-22646 | An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. | Seo_panel | 5.3 | ||
| 2024-01-30 | CVE-2024-22643 | A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. | Seo_panel | 6.5 | ||
| 2024-01-30 | CVE-2024-22647 | An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | Seo_panel | 5.3 | ||
| 2023-02-15 | CVE-2021-34117 | SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information. | Seo_panel | 7.5 | ||
| 2020-12-31 | CVE-2020-35930 | Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. | Seo_panel | 5.4 | ||
| 2021-01-01 | CVE-2021-3002 | Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. | Seo_panel | 6.1 | ||
| 2021-03-18 | CVE-2021-28417 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. | Seo_panel | 4.8 | ||
| 2021-03-18 | CVE-2021-28418 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. | Seo_panel | 4.8 | ||
| 2021-03-18 | CVE-2021-28419 | The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | Seo_panel | 7.2 |