CVE-2003-1347

Geeklog - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.

Exploits (4)

exploitdb WORKING POC VERIFIED

by snooq · textwebappsphp

https://www.exploit-db.com/exploits/22165

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by snooq · textwebappsphp

https://www.exploit-db.com/exploits/22166

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by snooq · textwebappsphp

https://www.exploit-db.com/exploits/22163

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by snooq · textwebappsphp

https://www.exploit-db.com/exploits/22164

View Code ZIP pw:eip

References (8)

[Patch] http://www.geeklog.net/filemgmt/visit.php?lid=101

[Exploit] http://www.securityfocus.com/archive/1/306770

[Exploit] http://www.securityfocus.com/bid/6601

[Exploit] http://www.securityfocus.com/bid/6602

[Exploit] http://www.securityfocus.com/bid/6603

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/11075

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/6604

[Third Party Advisory] http://securityreason.com/securityalert/3226

Scores

EPSS 0.0127

EPSS Percentile 79.3%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

geeklog/geeklog

Timeline

Published Dec 31, 2003

Tracked Since Feb 18, 2026