59 matches found
CraftCMS SEOmatic - Server-Side Template Injection
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side. Template Injection, allowing for remote code execution. id: CVE-2021-41749 info: name: CraftCMS SEOmatic - Server-Side Template Injection author: iamnoooob,ritikchaddha...
EUVD-2022-1894
Malicious code in bioql PyPI...
EUVD-2022-5962
Malicious code in bioql PyPI...
EUVD-2022-1466
Malicious code in bioql PyPI...
CVE-2021-41750
A cross-site scripting XSS vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...
CVE-2020-12790
In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon...
VulnCheck KEV: CVE-2020-9757
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller...
Server-Side Template Injection
nystudio107/craft-seomatic is vulnerable to server-side template injection. The vulnerability exists due to the lack of sanitization used for the url parameter in the safeCanonicalUrl function of Helper.php, allowing an attacker to inject and execute malicious code...
Cross-site Scripting (XSS)
nystudio107/craft-seomatic is vulnerable to cross-site scripting. The vulnerability exists because the actionSeoFileLink function of FileController.php does not properly check the file types, allowing an attacker to inject and execute malicious javascript by submitting a GET request to...
GHSA-G7XR-V82W-QGGQ Code Injection in SEOmatic
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution...
GHSA-6HJC-M38H-7JHH Cross-site Scripting in SEOmatic plugin
A cross-site scripting XSS vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...
Code Injection in SEOmatic
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution...
Cross-site Scripting in SEOmatic plugin
A cross-site scripting XSS vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...
CVE-2021-41750
A cross-site scripting XSS vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...
CVE-2021-41750
A cross-site scripting XSS vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...
Cross site scripting
A cross-site scripting XSS vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...
CVE-2021-41750
The CVE-2021-41750 entry corresponds to a cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3. The issue arises from a flaw in the handling of a GET request to /index.php?action=seomatic/file/seo-file-link, where the url parameter (base64-encoded URL) and fileNa...
CVE-2021-41750
A cross-site scripting XSS vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...
CVE-2021-41749
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution...
CVE-2021-41749
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution...