Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6).
References
Link | Resource |
---|---|
http://jvn.jp/jp/JVN%2381108784/index.html | Third Party Advisory |
http://secunia.com/advisories/21094 | Third Party Advisory |
http://www.geeklog.net/article.php/geeklog-1.4.0sr5 | Patch Vendor Advisory |
http://www.vupen.com/english/advisories/2006/2865 | Permissions Required Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/27813 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-07-20T23:00:00
Updated: 2017-07-19T15:57:01
Reserved: 2006-07-20T00:00:00
Link: CVE-2006-3756
JSON object: View
NVD Information
Status : Analyzed
Published: 2006-07-21T14:03:00.000
Modified: 2018-10-04T22:07:32.707
Link: CVE-2006-3756
JSON object: View
Redhat Information
No data.
CWE