362 matches found
CVE-2023-37787
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...
CVE-2023-37786
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...
CVE-2023-37787
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...
CVE-2023-37786
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...
CVE-2023-37786
Geeklog v2.2.2 is affected by multiple cross-site scripting (XSS) vulnerabilities that allow an attacker to inject arbitrary web scripts or HTML via crafted payloads in the Mail Settings[backend], Mail Settings[host], Mail Settings[port], and Mail Settings[auth] parameters of the /admin/configura...
CVE-2023-37787
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...
CVE-2023-37786
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...
Geeklog 跨站脚本漏洞
Geeklog is free and open source blogging software. A cross-site scripting vulnerability exists in Geeklog router.php due to an incorrect validation of user-supplied input by the publichtml/admin/router.php script. An attacker could exploit the vulnerability to steal the victim's cookie-based...
PT-2023-26107 · Geeklog · Geeklog
Name of the Vulnerable Software and Affected Versions: Geeklog version 2.2.2 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of "/admin/router.php" API endpoint. This enables the execution of...
CVE-2023-37787
Geeklog v2.2.2 is affected by multiple cross-site scripting (XSS) vulnerabilities that allow an attacker to run arbitrary web scripts or HTML by injecting a crafted payload into the Rule and Route parameters of /admin/router.php. Root cause: improper validation of user-supplied input in router.ph...
Geeklog 2.2.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/ Vulnerability Type: Cross-Site Scripting...
Geeklog 2.2.1 SQL Injection Vulnerability
Exploit for php platform in category web applications Information -------------------- Advisory by Netsparker Name: Blind SQL Injection Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/ Vulnerability Type: Blind SQL Injection...
Geeklog 2.2.1 Cross Site Scripting
Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/ Vulnerability Type: Cross-Site Scripting Severity: Important Status: Fixed CVSS Score 3.0: 7.4...
Geeklog 2.2.1 SQL Injection
Information -------------------- Advisory by Netsparker Name: Blind SQL Injection Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/ Vulnerability Type: Blind SQL Injection Severity: Critical Status: Fixed CVSS Score 3.0: 8.6 Hig...
CVE-2016-4849
Multiple cross-site scripting XSS vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COMgetCurrentURL function in 1 publichtml/layout/default/header.thtml, 2 publichtml/layout/bento/header.thtml, 3...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COMgetCurrentURL function in 1 publichtml/layout/default/header.thtml, 2 publichtml/layout/bento/header.thtml, 3...
CVE-2016-4849
Multiple cross-site scripting XSS vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COMgetCurrentURL function in 1 publichtml/layout/default/header.thtml, 2 publichtml/layout/bento/header.thtml, 3...
CVE-2016-4849
CVE-2016-4849 concerns Geeklog IVYWE edition 2.1.1. The vulnerability is a set of cross-site scripting flaws that can be triggered via the COM_getCurrentURL function used in four layout template files (public_html/layout/default/header.thtml, layout/bento/header.thtml, layout/fotos/header.thtml, ...