Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities found for SEO Panel by SEO Panel
CVE-2021-47872 (GCVE-0-2021-47872)
Vulnerability from nvd – Published: 2026-01-21 17:27 – Updated: 2026-04-07 14:06
VLAI
EPSS
VEX
Title
SEO Panel < 4.9.0 - 'order_col' Blind SQL Injection
Summary
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49666 | exploit |
| https://www.seopanel.org/ | product |
| https://github.com/seopanel/Seo-Panel/releases/ta… | productpatch |
| https://github.com/seopanel/Seo-Panel/issues/209 | issue-tracking |
| https://www.vulncheck.com/advisories/seo-panel-or… | third-party-advisory |
Date Public
2021-03-18 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47872",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T16:45:40.269054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:52:22.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEO Panel",
"vendor": "SEO Panel",
"versions": [
{
"status": "affected",
"version": "4.8.0"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seopanel:seo_panel:4.10.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Piyush Patil"
}
],
"datePublic": "2021-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the \u0027order_col\u0027 parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:06:23.860Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49666",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49666"
},
{
"name": "Official SEO Panel Homepage",
"tags": [
"product"
],
"url": "https://www.seopanel.org/"
},
{
"name": "SEO Panel 4.9.0 Release",
"tags": [
"product",
"patch"
],
"url": "https://github.com/seopanel/Seo-Panel/releases/tag/4.9.0"
},
{
"name": "GitHub Issue #209",
"tags": [
"issue-tracking"
],
"url": "https://github.com/seopanel/Seo-Panel/issues/209"
},
{
"name": "VulnCheck Advisory: SEO Panel \u003c 4.9.0 - \u0027order_col\u0027 Blind SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/seo-panel-ordercol-blind-sql-injection"
}
],
"title": "SEO Panel \u003c 4.9.0 - \u0027order_col\u0027 Blind SQL Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47872",
"datePublished": "2026-01-21T17:27:47.681Z",
"dateReserved": "2026-01-18T12:35:05.171Z",
"dateUpdated": "2026-04-07T14:06:23.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-10839 (GCVE-0-2017-10839)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN39628662/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#39628662",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SEO Panel",
"vendor": "SEO Panel",
"versions": [
{
"status": "affected",
"version": "prior to version 3.11.0"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#39628662",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Panel",
"version": {
"version_data": [
{
"version_value": "prior to version 3.11.0"
}
]
}
}
]
},
"vendor_name": "SEO Panel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#39628662",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10839",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10838 (GCVE-0-2017-10838)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
EPSS
VEX
Summary
Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN39628662/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#39628662",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SEO Panel",
"vendor": "SEO Panel",
"versions": [
{
"status": "affected",
"version": "prior to version 3.11.0"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#39628662",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Panel",
"version": {
"version_data": [
{
"version_value": "prior to version 3.11.0"
}
]
}
}
]
},
"vendor_name": "SEO Panel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#39628662",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10838",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47872 (GCVE-0-2021-47872)
Vulnerability from cvelistv5 – Published: 2026-01-21 17:27 – Updated: 2026-04-07 14:06
VLAI
EPSS
VEX
Title
SEO Panel < 4.9.0 - 'order_col' Blind SQL Injection
Summary
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49666 | exploit |
| https://www.seopanel.org/ | product |
| https://github.com/seopanel/Seo-Panel/releases/ta… | productpatch |
| https://github.com/seopanel/Seo-Panel/issues/209 | issue-tracking |
| https://www.vulncheck.com/advisories/seo-panel-or… | third-party-advisory |
Date Public
2021-03-18 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47872",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T16:45:40.269054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:52:22.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEO Panel",
"vendor": "SEO Panel",
"versions": [
{
"status": "affected",
"version": "4.8.0"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seopanel:seo_panel:4.10.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Piyush Patil"
}
],
"datePublic": "2021-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the \u0027order_col\u0027 parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:06:23.860Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49666",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49666"
},
{
"name": "Official SEO Panel Homepage",
"tags": [
"product"
],
"url": "https://www.seopanel.org/"
},
{
"name": "SEO Panel 4.9.0 Release",
"tags": [
"product",
"patch"
],
"url": "https://github.com/seopanel/Seo-Panel/releases/tag/4.9.0"
},
{
"name": "GitHub Issue #209",
"tags": [
"issue-tracking"
],
"url": "https://github.com/seopanel/Seo-Panel/issues/209"
},
{
"name": "VulnCheck Advisory: SEO Panel \u003c 4.9.0 - \u0027order_col\u0027 Blind SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/seo-panel-ordercol-blind-sql-injection"
}
],
"title": "SEO Panel \u003c 4.9.0 - \u0027order_col\u0027 Blind SQL Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47872",
"datePublished": "2026-01-21T17:27:47.681Z",
"dateReserved": "2026-01-18T12:35:05.171Z",
"dateUpdated": "2026-04-07T14:06:23.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-10839 (GCVE-0-2017-10839)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN39628662/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#39628662",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SEO Panel",
"vendor": "SEO Panel",
"versions": [
{
"status": "affected",
"version": "prior to version 3.11.0"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#39628662",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Panel",
"version": {
"version_data": [
{
"version_value": "prior to version 3.11.0"
}
]
}
}
]
},
"vendor_name": "SEO Panel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#39628662",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10839",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10838 (GCVE-0-2017-10838)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
EPSS
VEX
Summary
Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN39628662/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#39628662",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SEO Panel",
"vendor": "SEO Panel",
"versions": [
{
"status": "affected",
"version": "prior to version 3.11.0"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#39628662",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Panel",
"version": {
"version_data": [
{
"version_value": "prior to version 3.11.0"
}
]
}
}
]
},
"vendor_name": "SEO Panel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#39628662",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10838",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2017-000207
Vulnerability from jvndb - Published: 2017-08-24 14:03 - Updated:2018-02-28 12:19
Severity
Summary
Multiple vulnerabilities in SEO Panel
Details
SEO Panel provided by SEO Panel contains multiple vulnerabilities listed below.
* Cross-site scripting (CWE-79) - CVE-2017-10838
* SQL injection (CWE-89) - CVE-2017-10839
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000207.html",
"dc:date": "2018-02-28T12:19+09:00",
"dcterms:issued": "2017-08-24T14:03+09:00",
"dcterms:modified": "2018-02-28T12:19+09:00",
"description": "SEO Panel provided by SEO Panel contains multiple vulnerabilities listed below. \r\n\r\n * Cross-site scripting (CWE-79) - CVE-2017-10838 \r\n * SQL injection (CWE-89) - CVE-2017-10839\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000207.html",
"sec:cpe": {
"#text": "cpe:/a:seopanel:seo_panel",
"@product": "Seo Panel",
"@vendor": "Seo Panel",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000207",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN39628662/index.html",
"@id": "JVN#39628662",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10838",
"@id": "CVE-2017-10838",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10839",
"@id": "CVE-2017-10839",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10838",
"@id": "CVE-2017-10838",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10839",
"@id": "CVE-2017-10839",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Multiple vulnerabilities in SEO Panel"
}