PT-2021-22582 · Seo Panel · Seo Panel

Published: 2021-11-05 · Updated: 2024-03-06 · CVE-2021-39413

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SEO Panel version 4.8.0
Description: Multiple cross-site scripting (XSS) vulnerabilities exist in SEO Panel via several parameters in various PHP files. The affected parameters include to_time (in files such as backlinks.php, analytics.php, and log.php), from_time (in files like backlinks.php, analytics.php, and webmaster-tools.php), order_col (in files such as analytics.php and review.php), and pageno (in files like alerts.php and log.php).
Recommendations: For SEO Panel version 4.8.0, consider disabling the to_time, from_time, order_col, and pageno parameters in the affected PHP files until a patch is available. Restrict access to the vulnerable PHP files, such as backlinks.php, analytics.php, and log.php, to minimize the risk of exploitation. Avoid using the to_time, from_time, order_col, and pageno parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

BIT-SEOPANEL-2021-39413
CVE-2021-39413

Affected Products

Seo Panel