CVE-2011-4647

Geeklog - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags.

References (5)

[Patch] http://osvdb.org/76297

[Exploit, Patch] http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fd3ca3aebf86

[Various Sources] http://project.geeklog.net/tracking/view.php?id=1368

[Vendor Advisory] http://secunia.com/advisories/46348/

[Patch] http://www.geeklog.net/article.php/geeklog-1.8.1

Scores

EPSS 0.0033

EPSS Percentile 55.5%

Classification

CWE

CWE-79

Status published

Affected Products (2)

geeklog/geeklog

n/a/n/a

Timeline

Published Nov 30, 2011

Tracked Since Feb 18, 2026