CVE-2023-46059

Name of the Vulnerable Software and Affected Versions Geeklog-Core geeklog version 2.2.2

Description A Cross Site Scripting (XSS) issue allows a remote attacker to execute arbitrary code via a crafted payload to the Service and website URL to Ping parameters of the admin/trackback.php component. This enables the attacker to inject malicious scripts into the website, potentially leading to unauthorized actions.

Recommendations For version 2.2.2, consider disabling the admin/trackback.php component until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the Service and website URL to Ping parameters to minimize the risk of arbitrary code execution.