Summary
| Detail | |||
|---|---|---|---|
| Vendor | Geeklog | First view | 2006-07-21 |
| Product | Geeklog | Last view | 2012-09-09 |
| Version | 1.4.0 | Type | Application |
| Update | sr1 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:geeklog:geeklog | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2012-09-09 | CVE-2011-5159 | Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942. |
| 4.3 | 2012-09-09 | CVE-2011-4942 | Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF protection mechanism. |
| 4.3 | 2006-07-21 | CVE-2006-3756 | Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6). |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 27375 | Geeklog Comment Handling XSS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2008-09-04 | Name : FreeBSD Ports: geeklog File : nvt/freebsd_geeklog.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2008-01-16 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_60e1792bc38011dc821a000bcdc1757a.nasl - Type: ACT_GATHER_INFO |
