Bitnami package
seopanel
pkg:bitnami/seopanel
Vulnerabilities (15)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-22648 | — | >= 4.10.0, <= 4.10.0 | — | Jan 30, 2024 | A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. | ||
| CVE-2024-22647 | — | >= 4.10.0, <= 4.10.0 | — | Jan 30, 2024 | An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | ||
| CVE-2024-22646 | — | >= 4.10.0, <= 4.10.0 | — | Jan 30, 2024 | An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. | ||
| CVE-2024-22643 | — | >= 4.10.0, <= 4.10.0 | — | Jan 30, 2024 | A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. | ||
| CVE-2021-34117 | — | >= 4.9.0, <= 4.9.0 | — | Feb 15, 2023 | SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information. | ||
| CVE-2021-39413 | — | >= 4.8.0, <= 4.8.0 | — | Nov 5, 2021 | Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, an | ||
| CVE-2021-29010 | — | >= 4.8.0, <= 4.8.0 | — | Mar 25, 2021 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter. | ||
| CVE-2021-29009 | — | >= 4.8.0, <= 4.8.0 | — | Mar 25, 2021 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter. | ||
| CVE-2021-29008 | — | >= 4.8.0, <= 4.8.0 | — | Mar 25, 2021 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter. | ||
| CVE-2021-28420 | — | >= 4.8.0, <= 4.8.0 | — | Mar 18, 2021 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. | ||
| CVE-2021-28419 | — | >= 4.8.0, <= 4.8.0 | — | Mar 18, 2021 | The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | ||
| CVE-2021-28418 | — | >= 4.8.0, <= 4.8.0 | — | Mar 18, 2021 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. | ||
| CVE-2021-28417 | — | >= 4.8.0, <= 4.8.0 | — | Mar 18, 2021 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. | ||
| CVE-2021-3002 | — | >= 4.8.0, <= 4.8.0 | — | Jan 1, 2021 | Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. | ||
| CVE-2020-35930 | — | >= 4.8.0, <= 4.8.0 | — | Dec 31, 2020 | Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. |
- CVE-2024-22648Jan 30, 2024affected >= 4.10.0, <= 4.10.0
A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment.
- CVE-2024-22647Jan 30, 2024affected >= 4.10.0, <= 4.10.0
An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.
- CVE-2024-22646Jan 30, 2024affected >= 4.10.0, <= 4.10.0
An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.
- CVE-2024-22643Jan 30, 2024affected >= 4.10.0, <= 4.10.0
A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets.
- CVE-2021-34117Feb 15, 2023affected >= 4.9.0, <= 4.9.0
SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.
- CVE-2021-39413Nov 5, 2021affected >= 4.8.0, <= 4.8.0
Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, an
- CVE-2021-29010Mar 25, 2021affected >= 4.8.0, <= 4.8.0
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter.
- CVE-2021-29009Mar 25, 2021affected >= 4.8.0, <= 4.8.0
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter.
- CVE-2021-29008Mar 25, 2021affected >= 4.8.0, <= 4.8.0
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter.
- CVE-2021-28420Mar 18, 2021affected >= 4.8.0, <= 4.8.0
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.
- CVE-2021-28419Mar 18, 2021affected >= 4.8.0, <= 4.8.0
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
- CVE-2021-28418Mar 18, 2021affected >= 4.8.0, <= 4.8.0
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.
- CVE-2021-28417Mar 18, 2021affected >= 4.8.0, <= 4.8.0
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.
- CVE-2021-3002Jan 1, 2021affected >= 4.8.0, <= 4.8.0
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
- CVE-2020-35930Dec 31, 2020affected >= 4.8.0, <= 4.8.0
Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI.