Description
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/22741
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51260
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23122
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80087
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/22741
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/56523
Scores
EPSS
0.0549
EPSS Percentile
90.3%
Details
CWE
CWE-79
Status
published
Products (15)
babygekko/baby_gekko
0.90
babygekko/baby_gekko
0.91
babygekko/baby_gekko
0.98 alpha
babygekko/baby_gekko
0.99 beta
babygekko/baby_gekko
1.0.0
babygekko/baby_gekko
1.0.1
babygekko/baby_gekko
1.1.0
babygekko/baby_gekko
1.1.1
babygekko/baby_gekko
1.1.2
babygekko/baby_gekko
1.1.3
... and 5 more
Published
Sep 22, 2014
Tracked Since
Feb 18, 2026