Lucene search
+L
Nystudio107Seomatic

5 matches found

CVE
CVE
added 2022/06/12 11:0 a.m.167 views

CVE-2021-41749

The CVE-2021-41749 entry affects the SEOmatic plugin for Craft CMS 3 up to version 3.4.11. The Nuclei template documents an unauthenticated Server-Side Template Injection (SSTI) vulnerability that allows an attacker to execute arbitrary Twig templates and system commands via the X-Forwarded-Host ...

9.8CVSS9.8AI score0.17249EPSS
CVE
CVE
added 2022/03/11 3:17 p.m.90 views

CVE-2021-44618

SSTI in Nystudio107 Seomatic 3.4.12 (src/helpers/UrlHelper.php via Host header). CVSSv3.1: 9.8 (CRITICAL), network attack, no user interaction. Impact: confidentiality, integrity, availability HIGH. Exploitation details and fix version are not provided in connected documents; remediation steps no...

9.8CVSS9.5AI score0.01373EPSS
Web
CVE
CVE
added 2022/06/12 11:29 a.m.80 views

CVE-2021-41750

The CVE-2021-41750 entry corresponds to a cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3. The issue arises from a flaw in the handling of a GET request to /index.php?action=seomatic/file/seo-file-link, where the url parameter (base64-encoded URL) and fileNa...

6.1CVSS5.9AI score0.01029EPSS
Web
CVE
CVE
added 2018/08/06 8:0 p.m.70 views

CVE-2018-14716

CVE-2018-14716 affects the SEOmatic plugin for Craft CMS (before 3.1.4). A Server Side Template Injection (SSTI) occurs because requests that don’t match any elements cause an incorrect canonicalUrl, enabling execution of Twig code. Documented exploits exist (exploit-db PoC) and public advisories...

7.5CVSS7.6AI score0.33034EPSS
CVE
CVE
added 2020/05/11 6:8 p.m.59 views

CVE-2020-12790

The CVE-2020-12790 entry concerns the SEOmatic plugin for Craft CMS before version 3.2.49. The root cause is improper sanitization in helpers/DynamicMeta.php for URL handling, which can allow Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon. ...

7.5CVSS7.4AI score0.02189EPSS