Cloneassassin

**Name of the Vulnerable Software and Affected Versions** Seo Panel version 4.8.0 **Description** The issue allows reflected XSS via the "seo/seopanel/login.php?sec=forgot" `email` parameter. This can potentially lead to malicious script execution. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For Seo Panel version 4.8.0, update to a version that fixes the reflected XSS issue in the login functionality, specifically ensuring the `email` parameter in the "seo/seopanel/login.php?sec=forgot" endpoint is properly sanitized. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NetBox versions 2.6.2 and earlier **Description** The issue allows an authenticated user to conduct a cross-site scripting (XSS) attack against an admin via a GFM-rendered field. This can be demonstrated by the "/dcim/sites/add/" endpoint, specifically through comments. **Recommendations** For versions 2.6.2 and earlier, consider disabling GFM-rendered fields until a patch is available. Restrict access to the "/dcim/sites/add/" endpoint to minimize the risk of exploitation. Avoid using comments in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Seo Panel version 4.8.0 **Description** The issue allows stored XSS by an authenticated user via the `url` parameter, as demonstrated by the "/seo/seopanel/websites.php" URI. **Recommendations** For Seo Panel version 4.8.0, consider restricting access to the "/seo/seopanel/websites.php" URI until a patch is available, and avoid using the `url` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.