nystudio107 SEOmatic 3.4.10 for Craft CMS

CPE Details

nystudio107 SEOmatic 3.4.10 for Craft CMS
nystudio107
seomatic
3.4.10
2022-06-14
13h50 +00:00
2022-06-14
13h57 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:nystudio107:seomatic:3.4.10:*:*:*:*:craft_cms:*:*

Informations

Vendor

nystudio107

Product

seomatic

Version

3.4.10

Target Software

craft_cms

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-41750 2022-06-12 09h29 +00:00 A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension.
6.1
Moyen
CVE-2021-41749 2022-06-12 09h00 +00:00 In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.
9.8
Critique