Vendor: Geeklog
By: SecurityFocus
CVSS: 7.5 (HIGH)
Vulnerability Type: HTML Injection
CWE: 79
Product Name: Geeklog
Affected Version From: 1.3.2006
Affected Version To: 1.3.2006
Patch Exists: YES
Related CWE: N/A
CPE: a:geeklog:geeklog
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Geeklog HTML Injection Vulnerability

Geeklog is prone to HTML injection attacks. The user account 'Homepage' field is not sufficiently sanitized of HTML and script code. As a result, a malicious user may inject malicious HTML and script code into this field. When the malicious user's account information is displayed to other web users, the attacker-supplied code will be interpreted in their web client in the security context of the site hosting the vulnerable software.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6604/info

http://url" onmouseover="alert(document.cookie)
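
The mitigation applied to the 'Homepage' field, as an added example that is not Geeklog's code and not part of the original advisory: the value is validated as an http(s) URL when saved and HTML-escaped when displayed. The function names, and the assumption that the field is rendered inside an href attribute, are illustrative.

```php
<?php
// Added example; not Geeklog source. Function names are hypothetical.

// Assumed "before": the stored value is concatenated into an href attribute
// unescaped, so a double quote ends the attribute and starts a new one.
function render_homepage_unsafe(string $stored): string
{
    return '<a href="' . $stored . '">' . $stored . '</a>';
}

// Input validation when the profile is saved: accept only absolute http(s)
// URLs with a host. Returns '' for an empty (optional) field, null if rejected.
function validate_homepage(string $input): ?string
{
    $url = trim($input);
    if ($url === '') {
        return '';
    }
    // Quotes, angle brackets, backticks, whitespace and control bytes never
    // belong in a URL; legitimate ones arrive percent-encoded.
    if (strlen($url) > 255 || preg_match('/[\x00-\x20\x7f"\'<>`]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Output encoding when the profile is displayed. Values stored before the
// validation existed are re-checked and shown as inert text if they fail.
function render_homepage_safe(string $stored): string
{
    $url = validate_homepage($stored);
    if ($url === null || $url === '') {
        return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    $href = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $href . '" rel="nofollow noopener">' . $href . '</a>';
}

// Constructed inputs: the string quoted in the advisory and a benign URL.
$samples = ['http://url" onmouseover="alert(document.cookie)', 'https://example.org/~user'];
foreach ($samples as $value) {
    echo 'unsafe: ', render_homepage_unsafe($value), "\n";
    echo 'safe:   ', render_homepage_safe($value), "\n\n";
}
```

Escaping at output is what keeps the quoted string inside the attribute or text node; the save-time validation adds a scheme allowlist, so values that contain no quotes at all, such as a javascript: URL, are also rejected.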