Vulnerabilities > Seopanel > SEO Panel > 4.8.0

DATE CVE VULNERABILITY TITLE RISK
2021-11-05 CVE-2021-39413 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php.
network
low complexity
seopanel CWE-79
6.1
6.1
2021-03-25 CVE-2021-29010 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter.
network
low complexity
seopanel CWE-79
4.8
4.8
2021-03-25 CVE-2021-29009 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter.
network
low complexity
seopanel CWE-79
4.8
4.8
2021-03-25 CVE-2021-29008 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter.
network
low complexity
seopanel CWE-79
4.8
4.8
2021-03-18 CVE-2021-28420 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.
network
low complexity
seopanel CWE-79
4.8
4.8
2021-03-18 CVE-2021-28419 SQL Injection vulnerability in Seopanel SEO Panel 4.8.0
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
network
low complexity
seopanel CWE-89
7.2
7.2
2021-03-18 CVE-2021-28418 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.
network
low complexity
seopanel CWE-79
4.8
4.8
2021-03-18 CVE-2021-28417 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.
network
low complexity
seopanel CWE-79
4.8
4.8
2021-01-01 CVE-2021-3002 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
network
low complexity
seopanel CWE-79
6.1
6.1
2020-12-31 CVE-2020-35930 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI.
network
low complexity
seopanel CWE-79
5.4
5.4