Geeklog 1.3.5 - Multiple Cross Site Scripting Vulnerabilities

ID SSV:75350
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


Geeklog does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'index.php' or 'comment.php' script. Such a malicious link might be included in a HTML e-mail or on a malicious webpage.

This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users of a host running Geeklog.

This issue has been reported to exist in Geeklog 1.3.5, earlier versions may also be susceptible to this issue.