EUVD-2016-5855

Malware in sbrugna...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the IVYWE 1 Assist plugin before 1.1.2.test20160906, 2 dataBox plugin before 0.0.0.20160906, and 3 userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-4875

CVE-2016-4875 describes cross-site scripting (CWE-79) vulnerabilities in Geeklog IVYWE edition plugins: Assist (before 1.1.2.test20160906), dataBox (before 0.0.0.20160906), and userBox (before 0.0.0.20160906). The root cause is untrusted input that can be injected into administrator-facing contex...

CVE-2016-4875

Multiple cross-site scripting XSS vulnerabilities in the IVYWE 1 Assist plugin before 1.1.2.test20160906, 2 dataBox plugin before 0.0.0.20160906, and 3 userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting

Overview Geeklog is an open source content management system CMS. The Geeklog IVYWE edition plugins Assist, dataBox, and userBox each contain a cross-site scripting CWE-79 vulnerability. IVY WE CO.,LTD. reported this vulnerability to IPA and JPCERT/CC to notify users of its solution through JVN...