Geeklog Calendar Plugin Cross Site Scripting Vulnerability

Summary
This host is running Geeklog and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials. Impact Level: Application
Solution
Upgrade to version 1.8.2sr1, 2.0.0rc2 or later. For updates, refer to https://www.geeklog.net
Insight
The flaw is due to input passed via the 'calendar_type' parameter to 'submit.php' not being properly sanitised before it is used.
Affected
Geeklog 1.8.2 and 2.0.0. Other versions may also be affected.
Detection
Send a crafted exploit string via an HTTP POST request and check whether the string can be read back in the response.