CVE-2021-41750

Published
View on NVD ↗
CVSS v3
6.1
MEDIUM
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT

Description

A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension.

nystudio107/craft-seomatic
nystudio107/craft-seomatic
SEOmatic facilitates modern SEO best practices & implementation for Craft CMS 3. It is a turnkey SEO system that is comprehensive, powerful, and flexible.
GitHubGitHub
174