CVE-2003-1347

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/306770	Exploit
http://www.geeklog.net/filemgmt/visit.php?lid=101	Patch
http://www.securityfocus.com/bid/6601	Exploit
http://www.securityfocus.com/bid/6602	Exploit
http://www.securityfocus.com/bid/6603	Exploit
http://securityreason.com/securityalert/3226
http://www.securityfocus.com/bid/6604
https://exchange.xforce.ibmcloud.com/vulnerabilities/11075

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:geeklog:geeklog:1.3.7:*:*:*:*:*:*:*

Information

Published : 2003-12-30 21:00

Updated : 2017-07-28 18:29

NVD link : CVE-2003-1347

Mitre link : CVE-2003-1347

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

geeklog

geeklog

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/306770", "name": "20030114 Multiple XSS in Geeklog 1.3.7", "tags": ["Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://www.geeklog.net/filemgmt/visit.php?lid=101", "name": "http://www.geeklog.net/filemgmt/visit.php?lid=101", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/6601", "name": "6601", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/6602", "name": "6602", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/6603", "name": "6603", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://securityreason.com/securityalert/3226", "name": "3226", "tags": [], "refsource": "SREASON"}, {"url": "http://www.securityfocus.com/bid/6604", "name": "6604", "tags": [], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11075", "name": "geeklog-php-scripts-xss(11075)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-1347", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2003-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:geeklog:geeklog:1.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:29Z"}