6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-41750

GHSA ID

GHSA-6hjc-m38h-7jhh

EPSS Score

0.63703%

CWE

CWE-79

Published

6/13/2022

Updated

1/27/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-41750

CVE-2021-41750: Cross-site Scripting in SEOmatic plugin

A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-41750

GHSA ID

GHSA-6hjc-m38h-7jhh

EPSS Score

0.63703%

CWE

CWE-79

Published

6/13/2022

Updated

1/27/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nystudio107/craft-seomatic	composer	< 3.4.11	3.4.11

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from inadequate file extension validation in the actionSeoFileLink controller method. The original code (pre-patch) only checked if the extension was empty or not in allowedExtensions, but didn't explicitly block SVG files. Since SVGs can contain embedded JavaScript, this allowed XSS payloads. The patch explicitly adds 'svg' to the blocked extensions, confirming this was the attack vector. The function's role in handling user-supplied fileName parameters and setting content-types makes it the clear entry point for the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *ross-sit* s*riptin* (XSS) vuln*r**ility in t** S*Om*ti* plu*in *.*.** *or *r**t *MS * *llows r*mot* *tt**k*rs to inj**t *r*itr*ry w** s*ript vi* * **T to /in**x.p*p?**tion=s*om*ti*/*il*/s*o-*il*-link wit* url p*r*m*t*r *ont*inin* t** **s*** *n*o**

Reasoning

T** vuln*r**ility st*ms *rom in***qu*t* *il* *xt*nsion v*li**tion in t** `**tionS*o*il*Link` *ontroll*r m*t*o*. T** ori*in*l *o** (pr*-p*t**) only ****k** i* t** *xt*nsion w*s *mpty or not in `*llow***xt*nsions`, *ut *i*n't *xpli*itly *lo*k `SV*` *il

6.1

Basic Information

Concerned about an active attack path?

CVE-2021-41750: Cross-site Scripting in SEOmatic plugin

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI