Cross site scripting in SEO Panel v4.8.0
Multiple cross-site scripting vulnerabilities are present in SEO Panel 4.8.0. The following is detailed information about these vulnerabilities:
file: backlinks.php
line: 82
parameter: to_time
exploit: http://localhost/Seo-Panel/backlinks.php?fromPopUp=1&from_time=2021-03-02&rep=1&sec=reports&to_time=2021-03-17%22autofocus%20onfocus=alert(1)%20//%22&website_id=1
Similar vulnerabilities are found in other PHP files through to_time: analytics.php, log.php, overview.php, pagespeed.php, rank.php, review.php, saturationchecker.php, social_media.php, reports.php.
The following parameters are vulnerable in a similar way in the corresponding files:
Parameter: from_time
Files: backlinks.php, analytics.php, log.php, overview.php, pagespeed.php, rank.php, review.php, saturationchecker.php, social_media.php, webmaster-tools.php, reports.php
file: analytics.php
line: 45
parameter: order_col
exploit: http://localhost/Seo-Panel/analytics.php?from_time=2021-03-18&order_col=url%22autofocus%20onfocus=alert(1)%20//%22&order_val=DESC&report_type=1&search_name=&sec=viewAnalyticsSummary&to_time=2021-03-19&type=&website_id=http://www.example.com
Parameter: order_col
Files: analytics.php, review.php, social_media.php, webmaster-tools.php
Parameter: pageno
Files: alerts.php, log.php, keywords.php, proxy.php, searchengine.php, siteauditor.php
The above vulnerabilities are published as CVE-2021-39413.
This vulnerability was detected as part of the DARPA CHESS program.
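One way to close this class of bug for the parameters listed above, as an added example that is not SEO Panel's own code or its actual fix. It assumes the values are reflected into a double-quoted HTML attribute, as the payloads suggest; the function names and the column allowlist are hypothetical, and the sample input is constructed from the two URLs in the advisory.

```php
<?php
// Added example, not SEO Panel code. Helper names are hypothetical;
// parameter names (from_time, to_time, order_col, pageno) are from the advisory.

// Accept only a real calendar date in YYYY-MM-DD form, else use the default.
function clean_date(?string $raw, string $default): string {
    $raw = (string) $raw;
    $d = DateTime::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects trailing data and rolled-over dates.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : $default;
}

// Accept only a column name present in a fixed allowlist.
function clean_order_col(?string $raw, array $allowed, string $default): string {
    return in_array($raw, $allowed, true) ? $raw : $default;
}

// Accept only a positive integer page number.
function clean_pageno(?string $raw): int {
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? 1 : $n;
}

// Escape for an HTML attribute value; ENT_QUOTES encodes both " and '.
function attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input standing in for $_GET, using the values from the advisory.
$query = [
    'from_time' => '2021-03-02',
    'to_time'   => '2021-03-17"autofocus onfocus=alert(1) //"',
    'order_col' => 'url"autofocus onfocus=alert(1) //"',
    'pageno'    => '2',
];

$today   = date('Y-m-d');
$columns = ['url', 'name']; // hypothetical allowlist; only 'url' appears on the page
$from = clean_date($query['from_time'] ?? null, $today);
$to   = clean_date($query['to_time'] ?? null, $today);
$col  = clean_order_col($query['order_col'] ?? null, $columns, 'url');
$page = clean_pageno($query['pageno'] ?? null);

// Layer 1: validation swaps the hostile values for defaults.
// Layer 2: every value is still escaped at the point of output.
printf("<input name=\"from_time\" value=\"%s\">\n", attr($from));
printf("<input name=\"to_time\" value=\"%s\">\n", attr($to));
printf("<input name=\"order_col\" value=\"%s\">\n", attr($col));
printf("<input name=\"pageno\" value=\"%d\">\n", $page);
// Escaping alone already keeps the raw value inside the attribute:
printf("<input name=\"to_time\" value=\"%s\">\n", attr($query['to_time']));
```

Both layers matter: typed validation rejects values that cannot be a date, column name or page number, and output escaping covers any reflection point where validation was missed.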