Vendor CVEs
Seopanel
All CVEs
23 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10839 | Hig | 0.57 | 8.8 | 0.01 | Aug 29, 2017 | SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2017-10838 | Med | 0.40 | 6.1 | 0.01 | Aug 29, 2017 | Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2021-47872 | Hig | 0.39 | 7.1 | 0.00 | Jan 21, 2026 | SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database… | ||
| CVE-2021-28420 | 0.03 | — | 0.02 | Mar 18, 2021 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. | |||
| CVE-2021-28419 | 0.03 | — | 0.11 | Mar 18, 2021 | The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | |||
| CVE-2021-28418 | 0.03 | — | 0.02 | Mar 18, 2021 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. | |||
| CVE-2021-28417 | 0.03 | — | 0.02 | Mar 18, 2021 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. | |||
| CVE-2010-4331 | 0.03 | — | 0.02 | Jan 20, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b)… | |||
| CVE-2021-3002 | 0.01 | — | 0.04 | Jan 1, 2021 | Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. | |||
| CVE-2025-29452 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component. | |||
| CVE-2025-29451 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component. | |||
| CVE-2024-22646 | 0.00 | — | 0.01 | Jan 30, 2024 | An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. | |||
| CVE-2024-22643 | 0.00 | — | 0.00 | Jan 30, 2024 | A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. | |||
| CVE-2024-22647 | 0.00 | — | 0.01 | Jan 30, 2024 | An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | |||
| CVE-2021-34117 | 0.00 | — | 0.01 | Feb 15, 2023 | SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information. | |||
| CVE-2021-39413 | 0.00 | — | 0.01 | Nov 5, 2021 | Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php,… | |||
| CVE-2020-27461 | 0.00 | — | 0.04 | Aug 20, 2021 | A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function. | |||
| CVE-2021-29010 | 0.00 | — | 0.01 | Mar 25, 2021 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter. | |||
| CVE-2021-29009 | 0.00 | — | 0.01 | Mar 25, 2021 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter. | |||
| CVE-2020-35930 | 0.00 | — | 0.01 | Dec 31, 2020 | Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. | |||
| CVE-2018-14384 | 0.00 | — | 0.01 | Mar 2, 2020 | The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter. | |||
| CVE-2014-100024 | 0.00 | — | 0.01 | Jan 13, 2015 | Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-1855 | 0.00 | — | 0.02 | May 20, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to proxy.php. |
- risk 0.57cvss 8.8epss 0.01
SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
- risk 0.39cvss 7.1epss 0.00
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database…
- CVE-2021-28420Mar 18, 2021risk 0.03cvss —epss 0.02
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.
- CVE-2021-28419Mar 18, 2021risk 0.03cvss —epss 0.11
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
- CVE-2021-28418Mar 18, 2021risk 0.03cvss —epss 0.02
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.
- CVE-2021-28417Mar 18, 2021risk 0.03cvss —epss 0.02
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.
- CVE-2010-4331Jan 20, 2011risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b)…
- CVE-2021-3002Jan 1, 2021risk 0.01cvss —epss 0.04
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
- CVE-2025-29452Apr 17, 2025risk 0.00cvss —epss 0.00
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component.
- CVE-2025-29451Apr 17, 2025risk 0.00cvss —epss 0.00
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component.
- CVE-2024-22646Jan 30, 2024risk 0.00cvss —epss 0.01
An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.
- CVE-2024-22643Jan 30, 2024risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets.
- CVE-2024-22647Jan 30, 2024risk 0.00cvss —epss 0.01
An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.
- CVE-2021-34117Feb 15, 2023risk 0.00cvss —epss 0.01
SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.
- CVE-2021-39413Nov 5, 2021risk 0.00cvss —epss 0.01
Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php,…
- CVE-2020-27461Aug 20, 2021risk 0.00cvss —epss 0.04
A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function.
- CVE-2021-29010Mar 25, 2021risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter.
- CVE-2021-29009Mar 25, 2021risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter.
- CVE-2020-35930Dec 31, 2020risk 0.00cvss —epss 0.01
Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI.
- CVE-2018-14384Mar 2, 2020risk 0.00cvss —epss 0.01
The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter.
- CVE-2014-100024Jan 13, 2015risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-1855May 20, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to proxy.php.