CVE-2003-1347
published 2003-12-31CVE-2003-1347: Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
2.01%
78.4th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geeklog | geeklog | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Geeklog 1.3.7 - 'Homepage User' HTML Injection
exploitdb·2003-01-14
CVE-2003-1347 Geeklog 1.3.7 - 'Homepage User' HTML Injection
Geeklog 1.3.7 - 'Homepage User' HTML Injection
---
source: https://www.securityfocus.com/bid/6604/info
Geeklog is prone to HTML injection attacks.
The user account 'Homepage' field is not sufficiently sanitized of HTML and script code. As a result, a malicious user may inject malicious HTML and script code into this field. When the malicious user's account information is displayed to other web users, the attacker-supplied code will be interpreted in their web client in the security context of the site hosting the vulnerable software.
http://url" onmouseover="alert(document.cookie)
Exploit-DB
Geeklog 1.3.7 - 'comment.php?cid' Cross-Site Scripting
exploitdb·2003-01-14
CVE-2003-1347 Geeklog 1.3.7 - 'comment.php?cid' Cross-Site Scripting
Geeklog 1.3.7 - 'comment.php?cid' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/6603/info
Geeklog is prone to a cross-site scripting vulnerability in the 'comment.php' script.
This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code.
When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client.
http://www.example.com//comment.php?mode=Delete&sid=1&cid=alert(document.cookie)
Exploit-DB
Geeklog 1.3.7 - 'profiles.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2003-01-14
CVE-2003-1347 Geeklog 1.3.7 - 'profiles.php' Multiple Cross-Site Scripting Vulnerabilities
Geeklog 1.3.7 - 'profiles.php' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/6601/info
The Geeklog 'profiles.php' script is prone to multiple cross-site scripting vulnerabilities.
This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code.
When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client.
http://www.example.com/profiles.php?uid=alert(document.cookie)
http://www.example.com//profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=alert(document.cookie)
Exploit-DB
Geeklog 1.3.7 - 'users.php?uid' Cross-Site Scripting
exploitdb·2003-01-14
CVE-2003-1347 Geeklog 1.3.7 - 'users.php?uid' Cross-Site Scripting
Geeklog 1.3.7 - 'users.php?uid' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/6602/info
Geeklog is prone to a cross-site scripting vulnerability in the 'users.php' script.
This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code.
When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client.
http://www.example.com/users.php?mode=profile&uid=alert(document.cookie)
No writeups or analysis indexed.
http://securityreason.com/securityalert/3226http://www.geeklog.net/filemgmt/visit.php?lid=101http://www.securityfocus.com/archive/1/306770http://www.securityfocus.com/bid/6601http://www.securityfocus.com/bid/6602http://www.securityfocus.com/bid/6603http://www.securityfocus.com/bid/6604https://exchange.xforce.ibmcloud.com/vulnerabilities/11075http://securityreason.com/securityalert/3226http://www.geeklog.net/filemgmt/visit.php?lid=101http://www.securityfocus.com/archive/1/306770http://www.securityfocus.com/bid/6601http://www.securityfocus.com/bid/6602http://www.securityfocus.com/bid/6603http://www.securityfocus.com/bid/6604https://exchange.xforce.ibmcloud.com/vulnerabilities/11075
2003-12-31
Published