Lucene search
K

362 matches found

OpenVAS
OpenVAS
added 2014/02/13 12:0 a.m.22 views

Geeklog Calendar Plugin Cross Site Scripting Vulnerability

Geeklog is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS5.6AI score0.01885EPSS
Exploits3References5
NVD
NVD
added 2014/02/05 3:10 p.m.32 views

CVE-2013-1470

Cross-site scripting XSS vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendartype parameter to submit.php...

4.3CVSS5.6AI score0.01885EPSS
Exploits3References5
Prion
Prion
added 2014/02/05 3:10 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendartype parameter to submit.php...

4.3CVSS6.1AI score0.01885EPSS
Exploits3References5Affected Software1
Cvelist
Cvelist
added 2014/02/05 3:0 p.m.34 views

CVE-2013-1470

Cross-site scripting XSS vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendartype parameter to submit.php...

5.6AI score0.01885EPSS
Exploits3References5
CVE
CVE
added 2014/02/05 3:0 p.m.64 views

CVE-2013-1470

CVE-2013-1470 affects Geeklog’s Calendar plugin (calendar/index.php) with XSS via the calendar_type parameter submitted to submit.php. Affected: Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2. Root cause: insufficient input sanitization of the calendar_type field leading to injection of arbitr...

4.3CVSS5.7AI score0.01885EPSS
Exploits3References5Affected Software1
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.106 views

Cross-Site Scripting (XSS) in Geeklog

Advisory ID: HTB23143 Product: Geeklog Vendor: http://www.geeklog.net Vulnerable Versions: 1.8.2 and probably prior Tested Version: 1.8.2 Vendor Notification: February 6, 2013 Vendor Patch: February 20, 2013 Public Disclosure: February 27, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...

4.3CVSS6.9AI score0.01885EPSS
Exploits3
0day.today
0day.today
added 2013/03/01 12:0 a.m.68 views

Geeklog 1.8.2 Cross Site Scripting Vulnerability

Geeklog version 1.8.2 suffers from a cross site scripting vulnerability. Product: Geeklog Vendor: http://www.geeklog.net Vulnerable Versions: 1.8.2 and probably prior Tested Version: 1.8.2 Vendor Notification: February 6, 2013 Vendor Patch: February 20, 2013 Public Disclosure: February 27, 2013...

4.3CVSS6.2AI score0.01885EPSS
Exploits3
Packet Storm
Packet Storm
added 2013/02/28 12:0 a.m.54 views

Geeklog 1.8.2 Cross Site Scripting

Advisory ID: HTB23143 Product: Geeklog Vendor: http://www.geeklog.net Vulnerable Versions: 1.8.2 and probably prior Tested Version: 1.8.2 Vendor Notification: February 6, 2013 Vendor Patch: February 20, 2013 Public Disclosure: February 27, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...

4.3CVSS6.6AI score0.01885EPSS
Exploits3
exploitpack
exploitpack
added 2013/02/27 12:0 a.m.12 views

Geeklog - Cross-Site Scripting

Geeklog - Cross-Site Scripting source: https://www.securityfocus.com/bid/58209/info Geeklog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2013/02/27 12:0 a.m.28 views

Geeklog - Cross-Site Scripting

source: https://www.securityfocus.com/bid/58209/info Geeklog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...

7.4AI score
Exploits0
htbridge
htbridge
added 2013/02/06 12:0 a.m.90 views

Cross-Site Scripting (XSS) in Geeklog

High-Tech Bridge Security Research Lab discovered vulnerability in Geeklog that can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Geeklog: CVE-2013-1470 The vulnerability exists due to insufficient filtration of user-supplied data in "calendartype" HTTP...

4.3CVSS5.8AI score0.01885EPSS
Exploits3Affected Software1
NVD
NVD
added 2012/09/09 9:55 p.m.16 views

CVE-2011-4942

Multiple cross-site scripting XSS vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the 1 subgroup or 2 confgroup parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF...

4.3CVSS5.8AI score0.01367EPSS
Exploits0References7
NVD
NVD
added 2012/09/09 9:55 p.m.18 views

CVE-2011-5159

Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...

4.3CVSS5.6AI score0.01148EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2012/09/09 9:55 p.m.2 views

CVE-2011-5159

Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...

4.3CVSS5.7AI score0.01367EPSS
Exploits0References4
Prion
Prion
added 2012/09/09 9:55 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the 1 subgroup or 2 confgroup parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF...

4.3CVSS6AI score0.01367EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2012/09/09 9:55 p.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...

4.3CVSS6AI score0.01367EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/09/09 9:0 p.m.25 views

CVE-2011-5159

Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...

5.6AI score0.01148EPSS
Exploits0References3
Cvelist
Cvelist
added 2012/09/09 9:0 p.m.20 views

CVE-2011-4942

Multiple cross-site scripting XSS vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the 1 subgroup or 2 confgroup parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF...

5.8AI score0.01367EPSS
Exploits0References7
CVE
CVE
added 2012/09/09 9:0 p.m.45 views

CVE-2011-5159

GeSleeklog (Geeklog) vulnerability in admin/configuration.php before 1.7.1sr1 allows remote XSS via the sub_group parameter. The issue is a distinct variant from CVE-2011-4942 and arises in the subgroup parameter handling, potentially enabling script insertion. Redhat/NVD entries confirm similar ...

4.3CVSS5.8AI score0.01148EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2012/09/09 9:0 p.m.45 views

CVE-2011-4942

Geekslog’s admin/configuration.php is affected by XSS in multiple inputs (1) subgroup and (2) conf_group in Geeklog before 1.7.1sr1. The root cause is insufficient input sanitization allowing remote attackers to inject arbitrary HTML/script. Impact is limited to web context and requires user-orig...

4.3CVSS5.9AI score0.01367EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder