JVNDB-2006-000635

[Japanese]
JVNDB-2006-000635
Geeklog cross-site scripting vulnerability
Overview
Geeklog, an open source content management system, contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

Geeklog Geeklog 1.3.11sr6 and earlier Geeklog 1.4.0sr4 and earlier

Impact
An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking.
Solution

Vendor Information
Geeklog Geeklog : Geeklog 1.4.0sr5 and 1.3.11sr7
CWE (What is CWE?)
Cross-site Scripting(CWE-79) [NVD Evaluation]
CVE (What is CVE?)
CVE-2006-3756
References
JVN : JVN#81108784 National Vulnerability Database (NVD) : CVE-2006-3756 Secunia Advisory : SA21094 FrSIRT Advisories : FrSIRT/ADV-2006-2865
Revision History
[2008/05/21] Web page published

Geeklog cross-site scripting vulnerability