CVE-2018-14384

Name of the Vulnerable Software and Affected Versions: SEO Panel versions 3.13.0 and earlier

Description: The Website Manager module is affected by a stored Cross-Site Scripting (XSS) issue, allowing remote authenticated attackers to inject arbitrary web script or HTML via the name parameter in the "websites.php" endpoint. This enables attackers to execute malicious scripts on the website.

Recommendations: For SEO Panel versions 3.13.0 and earlier, as a temporary workaround, consider restricting access to the Website Manager module until a patch is available. Avoid using the name parameter in the "websites.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.