CVE-2023-37787

2023-07-1317:15:09

Google

osv.dev

cve-2023-37787

cross-site scripting

attack

payload injection

admin router

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php.

CPENameOperatorVersion
geeklogeq2.2.1-b1
geeklogeq2.1.2-rc1
geeklogeq2.2.0-b2
geeklogeq2.1.2
geeklogeq2.2.1
geeklogeq2.1.2-b1
geeklogeq2.2.1-b4
geeklogeqgeeklog_2_1_1_stable
geeklogeq2.2.0-b1
geeklogeq2.2.1-b2

Name	Operator	Version
geeklog	eq	2.2.1-b1
geeklog	eq	2.1.2-rc1
geeklog	eq	2.2.0-b2
geeklog	eq	2.1.2
geeklog	eq	2.2.1
geeklog	eq	2.1.2-b1
geeklog	eq	2.2.1-b4
geeklog	eq	geeklog_2_1_1_stable
geeklog	eq	2.2.0-b1
geeklog	eq	2.2.1-b2

Rows per page:

1-10 of 161

References

github.com/CrownZTX/storedXSS