CVE-2003-1347

Geeklog - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.

Exploits (4)

exploitdb WRITEUP VERIFIED

by snooq · textwebappsphp

https://www.exploit-db.com/exploits/22164

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by snooq · textwebappsphp

https://www.exploit-db.com/exploits/22163

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by snooq · textwebappsphp

https://www.exploit-db.com/exploits/22166

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by snooq · textwebappsphp

https://www.exploit-db.com/exploits/22165

View Code ZIP pw:eip

References (8)

Core 8

Core References

Patch x_refsource_confirm

http://www.geeklog.net/filemgmt/visit.php?lid=101

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6602

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/11075

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6603

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6604

Exploit mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/306770

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6601

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3226

Scores

EPSS 0.0170

EPSS Percentile 82.4%

Details

CWE

CWE-79

Status published

Products (1)

geeklog/geeklog 1.3.7

Published Dec 31, 2003

Tracked Since Feb 18, 2026