RSS   Vulnerabilities for 'Seomatic'   RSS

2022-06-12
 
CVE-2021-41750

CWE-79
 

 
A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension.

 
 
CVE-2021-41749

CWE-94
 

 
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

 
2022-03-11
 
CVE-2021-44618

CWE-94
 

 
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.

 
2020-05-11
 
CVE-2020-12790

CWE-74
 

 
In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.

 


Copyright 2024, cxsecurity.com

 

Back to Top