ivywe/geeklog-ivywe

ivywe/geeklog-ivywe

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases1

Frequency

Last Release over 10 years ago

Geeklog IVYWE edition

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2016-4849 ↗	Apr 20, 2017Thursday, 20 April 2017, 17:59	—	4.3 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml.
CVE-2016-4875 ↗	Apr 14, 2017Friday, 14 April 2017, 18:59	—	4.3 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.