Lucene search
Veracode Vulnerability DatabaseVERACODE:35949HistoryJun 13, 2022 - 4:13 a.m.
Cross-site Scripting (XSS)
2022-06-1304:13:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
0.001 Low
EPSS
Percentile
42.2%
nystudio107/craft-seomatic is vulnerable to cross-site scripting. The vulnerability exists because the actionSeoFileLink function of FileController.php does not properly check the file types, allowing an attacker to inject and execute malicious javascript by submitting a GET request to /index.php?ction=seomatic/file/seo-file-link url with base64 encoded url parameter.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nystudio107/craft-seomatic | le | 3.4.10 | |
| nystudio107/craft-seomatic | le | 3.4.10 |
References
github.com/advisories/GHSA-6hjc-m38h-7jhh
github.com/nystudio107/craft-seomatic/blob/develop/CHANGELOG.md
github.com/nystudio107/craft-seomatic/blob/develop/CHANGELOG.md#security-1
github.com/nystudio107/craft-seomatic/commit/4e46b792ce973ac0c652fb330055f41aca1981c8
github.com/nystudio107/craft-seomatic/commit/5f2cdc7c39e0a4bfb60d2f84131508f0a87b2873
Related
osv
osv
CVE-2021-41750
2022-06-12 12:15:07
Cross-site Scripting in SEOmatic plugin
2022-06-13 00:00:19
nvd
nvd
CVE-2021-41750
2022-06-12 12:15:07
cve
cve
CVE-2021-41750
2022-06-12 12:15:07
cvelist
cvelist
CVE-2021-41750
2022-06-12 11:29:00
github
github
Cross-site Scripting in SEOmatic plugin
2022-06-13 00:00:19
prion
prion
Cross site scripting
2022-06-12 12:15:00