Min Thu Han

Name of the Vulnerable Software and Affected Versions: SEO Panel versions 3.13.0 and earlier Description: The Website Manager module is affected by a stored Cross-Site Scripting (XSS) issue, allowing remote authenticated attackers to inject arbitrary web script or HTML via the `name` parameter in the "websites.php" endpoint. This enables attackers to execute malicious scripts on the website. Recommendations: For SEO Panel versions 3.13.0 and earlier, as a temporary workaround, consider restricting access to the Website Manager module until a patch is available. Avoid using the `name` parameter in the "websites.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: NetGain Enterprise Manager (EM) versions prior to 10.1.12 Description: The issue concerns multiple Stored Cross-Site Scripting (XSS) vulnerabilities. Recommendations: For versions prior to 10.1.12, update to version 10.1.12 or later to resolve the issue.