
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Jun 2022 — A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET request to /index.php?action=seomatic/file/seo-file-link with a url parameter containing the base64-encoded URL of a malicious web page / file and a fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension. • https://github.com/nystudio107/craft-seomatic/blob/develop/CHANGELOG.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 32% • CPEs: 1 • EXPL: 0

12 Jun 2022 — In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution. • https://github.com/nystudio107/craft-seomatic/blob/develop/CHANGELOG.md • CWE-94: Improper Control of Generation of Code ('Code Injection')