CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36788
https://notcve.org/view.php?id=CVE-2021-36788
The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS. La extensión yoast_seo (también se conoce como Yoast SEO) versiones anteriores a 7.2.3 para TYPO3, permite un ataque de tipo XSS. • https://typo3.org/help/security-advisories/security https://typo3.org/security/advisory/typo3-ext-sa-2021-013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31779
https://notcve.org/view.php?id=CVE-2021-31779
The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account. La extensión yoast_seo (también se conoce como Yoast SEO) versiones anteriores a 7.2.1 para TYPO3, permite un ataque de tipo SSRF por medio de una cuenta de usuario backend • https://typo3.org/security/advisory/typo3-ext-sa-2021-006 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.9EPSS: 0%CPEs: 5EXPL: 0CVE-2019-13478 – Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-13478
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. El plugin SEO de Yoast versiones anteriores a 11.6-RC5 para WordPress no restringe apropiadamente el HTML no filtrado en las descripciones de términos. The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via term descriptions in versions up to, and including, 11.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with post editor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://github.com/Yoast/wordpress-seo/releases/tag/11.6-RC5 https://wpvulndb.com/vulnerabilities/9445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.6EPSS: 1%CPEs: 1EXPL: 2CVE-2018-19370 – Yoast SEO <= 9.1.0 - Race Condition to Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-19370
A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import. Una vulnerabilidad de condición de carrera en unzip_file en admin/import/class-import-settings.php en el plugin Yoast SEO (wordpress-seo) en versiones anteriores a la 9.2.0 para WordPress permite que un SEO Manager ejecute comandos en el sistema operativo mediante una importación de ZIP. WordPress SEO (Yoast SEO) plugin versions 9.1 and below suffer from a race condition that allows for command execution. • https://github.com/Yoast/wordpress-seo/pull/11502/commits/3bfa70a143f5ea3ee1934f3a1703bb5caf139ffa https://wordpress.org/plugins/wordpress-seo/#developers https://www.youtube.com/watch?v=nL141dcDGCY • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24153 – Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24153
A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found. Se detectó una vulnerabilidad de tipo Cross-Site Scripting Almacenado en el plugin Yoast SEO WordPress versiones anteriores a 3.4.1, que tenía filtros de lista negra incorporados que incluían paréntesis en la lista negra, así como varias funciones como alertas pero se encontraron omisiones A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting parentheses as well as several functions such as alert, but bypasses were found. • https://packetstormsecurity.com/files/138192 https://plugins.trac.wordpress.org/changeset/1466243/wordpress-seo https://wpscan.com/vulnerability/77810044-394d-4314-b9a1-20c7dca726dc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •