4 matches found
CVE-2011-4942
Multiple cross-site scripting XSS vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the 1 subgroup or 2 confgroup parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF...
CVE-2011-5159
Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...
CVE-2011-4942
Geekslog’s admin/configuration.php is affected by XSS in multiple inputs (1) subgroup and (2) conf_group in Geeklog before 1.7.1sr1. The root cause is insufficient input sanitization allowing remote attackers to inject arbitrary HTML/script. Impact is limited to web context and requires user-orig...