Vulnerabilities > Geeklog Project

DATE	CVE	VULNERABILITY TITLE	RISK
2017-04-20	CVE-2016-4849	Cross-site Scripting vulnerability in Geeklog Project Geeklog 2.1.1 Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml. network low complexity geeklog-project CWE-79	6.1

Vulnerabilities > Geeklog Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Geeklog Project"}]}