Lucene search
K

362 matches found

ATTACKERKB
ATTACKERKB
added 2023/07/13 5:15 p.m.6 views

CVE-2023-37787

Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...

4.8CVSS6AI score0.00399EPSS
Exploits1References2
Prion
Prion
added 2023/07/13 5:15 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...

4.3CVSS5AI score0.00456EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/07/13 5:15 p.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...

4.3CVSS5AI score0.00399EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/07/13 12:0 a.m.21 views

CVE-2023-37786

Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...

5.3AI score0.00456EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/13 12:0 a.m.24 views

CVE-2023-37787

Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...

5.3AI score0.00399EPSS
Exploits1References1
OSV
OSV
added 2023/07/13 12:0 a.m.20 views

CVE-2023-37786

Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...

4.8CVSS6.2AI score0.00456EPSS
Exploits1References3
CVE
CVE
added 2023/07/13 12:0 a.m.60 views

CVE-2023-37786

Geeklog v2.2.2 is affected by multiple cross-site scripting (XSS) vulnerabilities that allow an attacker to inject arbitrary web scripts or HTML via crafted payloads in the Mail Settings[backend], Mail Settings[host], Mail Settings[port], and Mail Settings[auth] parameters of the /admin/configura...

4.8CVSS5.1AI score0.00456EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/13 12:0 a.m.12 views

CVE-2023-37787

Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...

6.1AI score0.00399EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/13 12:0 a.m.20 views

CVE-2023-37786

Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...

6.1AI score0.00456EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.5 views

Geeklog 跨站脚本漏洞

Geeklog is free and open source blogging software. A cross-site scripting vulnerability exists in Geeklog router.php due to an incorrect validation of user-supplied input by the publichtml/admin/router.php script. An attacker could exploit the vulnerability to steal the victim's cookie-based...

4.8CVSS6.3AI score0.00399EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.6 views

PT-2023-26107 · Geeklog · Geeklog

Name of the Vulnerable Software and Affected Versions: Geeklog version 2.2.2 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of "/admin/router.php" API endpoint. This enables the execution of...

4.8CVSS5.5AI score0.00399EPSS
Exploits1References6
CVE
CVE
added 2023/07/13 12:0 a.m.56 views

CVE-2023-37787

Geeklog v2.2.2 is affected by multiple cross-site scripting (XSS) vulnerabilities that allow an attacker to run arbitrary web scripts or HTML by injecting a crafted payload into the Rule and Route parameters of /admin/router.php. Root cause: improper validation of user-supplied input in router.ph...

4.8CVSS5.1AI score0.00399EPSS
Exploits1References1Affected Software1
0day.today
0day.today
added 2020/04/28 12:0 a.m.32 views

Geeklog 2.2.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/ Vulnerability Type: Cross-Site Scripting...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/04/28 12:0 a.m.45 views

Geeklog 2.2.1 SQL Injection Vulnerability

Exploit for php platform in category web applications Information -------------------- Advisory by Netsparker Name: Blind SQL Injection Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/ Vulnerability Type: Blind SQL Injection...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/04/27 12:0 a.m.114 views

Geeklog 2.2.1 Cross Site Scripting

Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/ Vulnerability Type: Cross-Site Scripting Severity: Important Status: Fixed CVSS Score 3.0: 7.4...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/04/27 12:0 a.m.121 views

Geeklog 2.2.1 SQL Injection

Information -------------------- Advisory by Netsparker Name: Blind SQL Injection Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/ Vulnerability Type: Blind SQL Injection Severity: Critical Status: Fixed CVSS Score 3.0: 8.6 Hig...

7.4AI score
Exploits0
OSV
OSV
added 2017/04/20 5:59 p.m.13 views

CVE-2016-4849

Multiple cross-site scripting XSS vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COMgetCurrentURL function in 1 publichtml/layout/default/header.thtml, 2 publichtml/layout/bento/header.thtml, 3...

6.1CVSS5.9AI score0.01307EPSS
Exploits0References6
Prion
Prion
added 2017/04/20 5:59 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COMgetCurrentURL function in 1 publichtml/layout/default/header.thtml, 2 publichtml/layout/bento/header.thtml, 3...

4.3CVSS6.1AI score0.01307EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2017/04/20 5:59 p.m.13 views

CVE-2016-4849

Multiple cross-site scripting XSS vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COMgetCurrentURL function in 1 publichtml/layout/default/header.thtml, 2 publichtml/layout/bento/header.thtml, 3...

6.1CVSS6.1AI score0.01307EPSS
Exploits0References6
CVE
CVE
added 2017/04/20 5:0 p.m.49 views

CVE-2016-4849

CVE-2016-4849 concerns Geeklog IVYWE edition 2.1.1. The vulnerability is a set of cross-site scripting flaws that can be triggered via the COM_getCurrentURL function used in four layout template files (public_html/layout/default/header.thtml, layout/bento/header.thtml, layout/fotos/header.thtml, ...

6.1CVSS6AI score0.01307EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder