Vulnerabilities > Seopanel > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-25 | CVE-2021-29008 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0 A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter. | 3.5 |
| 2021-03-25 | CVE-2021-29009 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0 A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter. | 3.5 |
| 2021-03-25 | CVE-2021-29010 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0 A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter. | 3.5 |
| 2021-03-18 | CVE-2021-28417 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0 A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. | 3.5 |
| 2021-03-18 | CVE-2021-28418 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0 A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. | 3.5 |
| 2021-03-18 | CVE-2021-28420 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0 A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. | 3.5 |
| 2020-12-31 | CVE-2020-35930 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0 Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. | 3.5 |
| 2020-03-02 | CVE-2018-14384 | Cross-site Scripting vulnerability in Seopanel SEO Panel The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter. | 3.5 |