Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting

🗓️ 16 Jan 2011 00:00:00Reported by Mark StanislavType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 28 Views

'Seo Panel' 2.2.0 Cookie-Rendered Persistent Cross-Site Scripting Vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Seo Panel 2.2.0 Cookie-Rendered Persistent XSS Vulnerability
17 Jan 201100:00
zdt
CVE		CVE-2010-4331
20 Jan 201118:00
cve
Cvelist		CVE-2010-4331
20 Jan 201118:00
cvelist
EUVD		EUVD-2010-4303
7 Oct 202500:30
euvd
exploitpack		Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting
16 Jan 201100:00
exploitpack
NVD		CVE-2010-4331
20 Jan 201119:00
nvd
OpenVAS		Seo Panel Multiple Cross-site Scripting (XSS) Vulnerabilities
26 Apr 201100:00
openvas
Packet Storm		Seo Panel 2.2.0 Cross Site Scripting
15 Jan 201100:00
packetstorm
Prion		Cross site scripting
20 Jan 201119:00
prion
securityvulns		'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)
18 Jan 201100:00
securityvulns
Rows per page
'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)
Mark Stanislav - [email protected]


I. DESCRIPTION
---------------------------------------
A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user through two different cookies.

 
II. TESTED VERSION
---------------------------------------
2.2.0


III. PoC EXPLOIT
---------------------------------------
Alter the value of cookies called 'default_news' or 'sponsors' and then view a site page which includes controllers/index.ctrl.php or controllers/settings.ctrl.php that will render the cookies as they exist on the user's machine.


IV. NOTES 
---------------------------------------
* The 'default_news' cookie doesn't require a user to be authenticated whereas 'sponsors' does
* The disclosure date was pushed a full month so that a fix could be released but no update was released yet
* Based on discussions with the developer, they will likely encrypt the cookie contents to prevent this issue


V. SOLUTION
---------------------------------------
Upgrade to a release > 2.2.0 when available or otherwise disable cookie rendering.


VI. REFERENCES
---------------------------------------
http://www.seopanel.in/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4331
http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/


VII. TIMELINE
---------------------------------------
11/24/2010 - Initial vendor disclosure
11/25/2010 - Vendor response and commitment to fix
11/25/2010 - Reply to vendor detailing potential fixes and an adjusted public disclosure date
11/25/2010 - Vendor response confirming desired public disclosure date and agreement to patch method
01/15/2011 - Public disclosure

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Jan 2011 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 24.3
EPSS0.02387
seo panelcross-site scripting2.2.0cookie-renderedpersistentvulnerabilitymark stanislavexploitcve-2010-4331xss
28