CVE-2003-1347 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php (2) uid parameter to profiles.php (3) uid to users.php and (4) homepage field.

Reference

http://securityreason.com/securityalert/3226 http://www.geeklog.net/filemgmt/visit.php?lid=101 http://www.securityfocus.com/archive/1/306770 http://www.securityfocus.com/bid/6601 http://www.securityfocus.com/bid/6602 http://www.securityfocus.com/bid/6603 http://www.securityfocus.com/bid/6604 https://exchange.xforce.ibmcloud.com/vulnerabilities/11075