Vulners
Lucene search
Seo Panel 2.2.0 Cookie-Rendered Persistent XSS Vulnerability
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | Seo Panel 2.2.0 Cookie-Rendered Persistent XSS Vulnerability | 17 Jan 201100:00 | – | zdt |
 | CVE-2010-4331 | 20 Jan 201118:00 | – | cve |
 | CVE-2010-4331 | 20 Jan 201118:00 | – | cvelist |
 | Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting | 16 Jan 201100:00 | – | exploitdb |
 | EUVD-2010-4303 | 7 Oct 202500:30 | – | euvd |
 | Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting | 16 Jan 201100:00 | – | exploitpack |
 | CVE-2010-4331 | 20 Jan 201119:00 | – | nvd |
 | Seo Panel Multiple Cross-site Scripting (XSS) Vulnerabilities | 26 Apr 201100:00 | – | openvas |
 | Seo Panel 2.2.0 Cross Site Scripting | 15 Jan 201100:00 | – | packetstorm |
 | Cross site scripting | 20 Jan 201119:00 | – | prion |
10
'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)
Mark Stanislav - [email protected]
I. DESCRIPTION
---------------------------------------
A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user through two different cookies.
II. TESTED VERSION
---------------------------------------
2.2.0
III. PoC EXPLOIT
---------------------------------------
Alter the value of cookies called 'default_news' or 'sponsors' and then view a site page which includes controllers/index.ctrl.php or controllers/settings.ctrl.php that will render the cookies as they exist on the user's machine.
IV. NOTES
---------------------------------------
* The 'default_news' cookie doesn't require a user to be authenticated whereas 'sponsors' does
* The disclosure date was pushed a full month so that a fix could be released but no update was released yet
* Based on discussions with the developer, they will likely encrypt the cookie contents to prevent this issue
V. SOLUTION
---------------------------------------
Upgrade to a release > 2.2.0 when available or otherwise disable cookie rendering.
VI. REFERENCES
---------------------------------------
http://www.seopanel.in/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4331
http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/
VII. TIMELINE
---------------------------------------
11/24/2010 - Initial vendor disclosure
11/25/2010 - Vendor response and commitment to fix
11/25/2010 - Reply to vendor detailing potential fixes and an adjusted public disclosure date
11/25/2010 - Vendor response confirming desired public disclosure date and agreement to patch method
01/15/2011 - Public disclosure
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
6.5Medium risk
Vulners AI Score6.5
EPSS0.02387