source: https://www.securityfocus.com/bid/8792/info
Geeklog has been reported prone to multiple HTML Injection vulnerabilities.
The issues have been reported to present themselves due to a lack of sufficient sanitization performed on data that is parsed from forum interface form fields. It has been reported that an attacker, who has sufficient privileges to create a forum post, may use the forum form fields as a conduit to inject malicious HTML and script code into dynamic Geeklog content.
The malicious HTML may be rendered in the browser of an unsuspecting user who views the malicious post. The injected script will execute in the browser under the security context of the affected site.
<img src="javascript:alert()">
<b style="background-image: url(javascript:alert(document))">test</b>
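The advisory attributes the issue to missing sanitization of forum form-field data before it is rendered. The following is an added example, not Geeklog's own code and not part of the advisory, of the kind of allowlist filter that neutralizes both payloads quoted above: tags outside an allowlist are dropped, attributes are restricted per tag (so no `style`), and URL-bearing attributes are accepted only with an http/https/mailto or relative scheme. The tag and attribute allowlists, the `sanitize` function and its `dropped` report are assumptions chosen for the demonstration.

```python
"""Allowlist sanitizer for user-supplied forum HTML (added example, not
Geeklog code). Everything not explicitly permitted is removed, and every
value that is kept is re-escaped on output."""
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlists are assumptions for this demo; a real deployment tunes them.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "p", "br", "a", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
VOID_TAGS = {"br", "img"}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto", ""}   # "" = relative URL


def safe_url(value):
    """True if the URL scheme is on the allowlist. Characters browsers ignore
    inside a scheme (tabs, newlines, other controls, spaces) are removed before
    the check so "java\tscript:" is not mistaken for a relative URL."""
    cleaned = "".join(ch for ch in value if ord(ch) > 32)
    return urlparse(cleaned).scheme.lower() in SAFE_SCHEMES


class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)   # decode entities in text
        self.out = []
        self.dropped = []   # audit trail of what was removed

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.dropped.append(tag)
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                # e.g. style="background-image: url(javascript:...)"
                self.dropped.append(f"{tag}@{name}")
                continue
            value = value or ""
            if name in URL_ATTRS and not safe_url(value):
                # e.g. src="javascript:alert()"
                self.dropped.append(f"{tag}@{name}={value}")
                continue
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        # <br/> and <img/> get a start tag only, never a closing one
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is always re-escaped, so decoded "<" cannot open a tag
        self.out.append(html.escape(data, quote=False))


def sanitize(fragment):
    """Return (clean_html, list_of_dropped_items) for an untrusted fragment."""
    parser = Sanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.dropped


if __name__ == "__main__":
    # The two payloads from the advisory, plus a benign post for contrast.
    for sample in ('<img src="javascript:alert()">',
                   '<b style="background-image: url(javascript:alert(document))">test</b>',
                   '<a href="https://example.com/">link</a>'):
        clean, dropped = sanitize(sample)
        print(f"{sample!r} -> {clean!r}  dropped={dropped}")
```

Filtering on output (or at least before storage) with an allowlist is the durable fix; a denylist that only looks for the literal string `javascript:` misses the tab-obfuscated and entity-encoded variants the `safe_url` check above handles by normalizing first.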