CVE-2011-4647 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags.

Reference

http://osvdb.org/76297 http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fd3ca3aebf86 http://project.geeklog.net/tracking/view.php?id=1368 http://secunia.com/advisories/46348/ http://www.geeklog.net/article.php/geeklog-1.8.1