Test ID:	1.3.6.1.4.1.25623.1.0.801775
Category:	Web application abuses
Title:	Seo Panel Multiple Cross-site Scripting (XSS) Vulnerabilities
Summary:	Seo Panel is prone to multiple Cross- site scripting vulnerabilities.
Description:	Summary: Seo Panel is prone to multiple Cross- site scripting vulnerabilities. Vulnerability Insight: The flaws are caused by improper validation of user-supplied input by the 'index.ctrl.php' or 'controllers/settings.ctrl.php' scripts. A remote attacker could exploit this vulnerability using the default_news or sponsors parameter to inject malicious script content into a web page. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Affected Software/OS: Seo Panel version 2.2.0. Solution: Upgrade to version 2.2.0 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4331 BugTraq ID: 45828 http://www.securityfocus.com/bid/45828 Bugtraq: 20110115 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331) (Google Search) http://www.securityfocus.com/archive/1/515768/100/0/threaded http://www.exploit-db.com/exploits/16000 http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/ XForce ISS Database: seopanel-sponsors-xss(64725) https://exchange.xforce.ibmcloud.com/vulnerabilities/64725
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.