CVE-2023-37786

2023-07-1317:15:09

Google

osv.dev

geeklog v2.2.2

cross-site scripting

arbitrary execution

mail settings

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php.

CPENameOperatorVersion
geeklogeq2.2.1-b1
geeklogeq2.1.2-rc1
geeklogeq2.2.0-b2
geeklogeq2.1.2
geeklogeq2.2.1
geeklogeq2.1.2-b1
geeklogeq2.2.1-b4
geeklogeqgeeklog_2_1_1_stable
geeklogeq2.2.0-b1
geeklogeq2.2.1-b2

Name	Operator	Version
geeklog	eq	2.2.1-b1
geeklog	eq	2.1.2-rc1
geeklog	eq	2.2.0-b2
geeklog	eq	2.1.2
geeklog	eq	2.2.1
geeklog	eq	2.1.2-b1
geeklog	eq	2.2.1-b4
geeklog	eq	geeklog_2_1_1_stable
geeklog	eq	2.2.0-b1
geeklog	eq	2.2.1-b2

Rows per page:

1-10 of 161

References

github.com/CrownZTX/reflectedxss1