CVE-2023-37786

Published July 13th, 2023

View on NVD ↗

CVSS v3

4.8

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php.

CrownZTX/reflectedxss1

Reflected XSS Vulnerabilitiy in public_html/admin/configuration.php of Geeklog v2.2.2

GitHub