Lucene search

Seopanel Security Vulnerabilities

cve

CVE-2024-22648

A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local...

5.3CVSS

5.2AI Score

0.001EPSS

2024-01-30 07:15 AM

cve

CVE-2024-22647

An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid...

5.3CVSS

5.1AI Score

0.0005EPSS

2024-01-30 07:15 AM

cve

CVE-2024-22646

An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-01-30 07:15 AM

cve

CVE-2024-22643

A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password...

6.5CVSS

6.6AI Score

0.001EPSS

2024-01-30 07:15 AM

cve

CVE-2021-34117

SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive...

7.5CVSS

8AI Score

0.001EPSS

2023-02-15 10:15 PM

cve

CVE-2021-39413

Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php;....

6.1CVSS

6.2AI Score

0.001EPSS

2021-11-05 04:15 PM

cve

CVE-2020-27461

A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website...

8.8CVSS

8.9AI Score

0.031EPSS

2021-08-20 07:15 PM

cve

CVE-2021-29008

A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time"...

4.8CVSS

4.9AI Score

0.001EPSS

2021-03-25 08:15 PM

cve

CVE-2021-29010

A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type"...

4.8CVSS

4.9AI Score

0.001EPSS

2021-03-25 08:15 PM

cve

CVE-2021-29009

A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type"...

4.8CVSS

4.9AI Score

0.001EPSS

2021-03-25 08:15 PM

157

cve

CVE-2021-28417

A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name"...

4.8CVSS

4.8AI Score

0.002EPSS

2021-03-18 12:15 PM

cve

CVE-2021-28419

The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all...

7.2CVSS

7AI Score

0.002EPSS

2021-03-18 12:15 PM

cve

CVE-2021-28420

A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time"...

4.8CVSS

4.8AI Score

0.002EPSS

2021-03-18 12:15 PM

cve

CVE-2021-28418

A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category"...

4.8CVSS

4.8AI Score

0.002EPSS

2021-03-18 12:15 PM

cve

CVE-2021-3002

Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email...

6.1CVSS

5.9AI Score

0.001EPSS

2021-01-01 07:15 PM

cve

CVE-2020-35930

Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php...

5.4CVSS

5.2AI Score

0.001EPSS

2020-12-31 08:15 PM

cve

CVE-2018-14384

The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name...

4.8CVSS

4.6AI Score

0.001EPSS

2020-03-02 05:15 PM

cve

CVE-2017-10838

Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified...

6.1CVSS

6.3AI Score

0.001EPSS

2017-08-29 01:35 AM

cve

CVE-2017-10839

SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified...

8.8CVSS

8.8AI Score

0.001EPSS

2017-08-29 01:35 AM

cve

CVE-2014-100024

Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.8AI Score

0.002EPSS

2015-01-13 03:59 PM

cve

CVE-2014-1855

Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to...

5.7AI Score

0.004EPSS

2014-05-20 02:55 PM

cve

CVE-2010-4331

Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b)...

5.6AI Score

0.005EPSS

2011-01-20 07:00 PM