362 matches found
Geeklog Calendar Plugin Cross Site Scripting Vulnerability
Geeklog is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-1470
Cross-site scripting XSS vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendartype parameter to submit.php...
Cross site scripting
Cross-site scripting XSS vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendartype parameter to submit.php...
CVE-2013-1470
Cross-site scripting XSS vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendartype parameter to submit.php...
CVE-2013-1470
CVE-2013-1470 affects Geeklog’s Calendar plugin (calendar/index.php) with XSS via the calendar_type parameter submitted to submit.php. Affected: Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2. Root cause: insufficient input sanitization of the calendar_type field leading to injection of arbitr...
Cross-Site Scripting (XSS) in Geeklog
Advisory ID: HTB23143 Product: Geeklog Vendor: http://www.geeklog.net Vulnerable Versions: 1.8.2 and probably prior Tested Version: 1.8.2 Vendor Notification: February 6, 2013 Vendor Patch: February 20, 2013 Public Disclosure: February 27, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...
Geeklog 1.8.2 Cross Site Scripting Vulnerability
Geeklog version 1.8.2 suffers from a cross site scripting vulnerability. Product: Geeklog Vendor: http://www.geeklog.net Vulnerable Versions: 1.8.2 and probably prior Tested Version: 1.8.2 Vendor Notification: February 6, 2013 Vendor Patch: February 20, 2013 Public Disclosure: February 27, 2013...
Geeklog 1.8.2 Cross Site Scripting
Advisory ID: HTB23143 Product: Geeklog Vendor: http://www.geeklog.net Vulnerable Versions: 1.8.2 and probably prior Tested Version: 1.8.2 Vendor Notification: February 6, 2013 Vendor Patch: February 20, 2013 Public Disclosure: February 27, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...
Geeklog - Cross-Site Scripting
Geeklog - Cross-Site Scripting source: https://www.securityfocus.com/bid/58209/info Geeklog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Geeklog - Cross-Site Scripting
source: https://www.securityfocus.com/bid/58209/info Geeklog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...
Cross-Site Scripting (XSS) in Geeklog
High-Tech Bridge Security Research Lab discovered vulnerability in Geeklog that can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Geeklog: CVE-2013-1470 The vulnerability exists due to insufficient filtration of user-supplied data in "calendartype" HTTP...
CVE-2011-4942
Multiple cross-site scripting XSS vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the 1 subgroup or 2 confgroup parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF...
CVE-2011-5159
Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...
CVE-2011-5159
Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the 1 subgroup or 2 confgroup parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...
CVE-2011-5159
Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...
CVE-2011-4942
Multiple cross-site scripting XSS vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the 1 subgroup or 2 confgroup parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF...
CVE-2011-5159
GeSleeklog (Geeklog) vulnerability in admin/configuration.php before 1.7.1sr1 allows remote XSS via the sub_group parameter. The issue is a distinct variant from CVE-2011-4942 and arises in the subgroup parameter handling, potentially enabling script insertion. Redhat/NVD entries confirm similar ...
CVE-2011-4942
Geekslog’s admin/configuration.php is affected by XSS in multiple inputs (1) subgroup and (2) conf_group in Geeklog before 1.7.1sr1. The root cause is insufficient input sanitization allowing remote attackers to inject arbitrary HTML/script. Impact is limited to web context and requires user-orig...