CVE-2003-1347

Name of the Vulnerable Software and Affected Versions Geeklog version 1.3.7

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through several parameters, including the cid parameter to "comment.php", the uid parameter to "profiles.php" and "users.php", and the homepage field.

Recommendations For Geeklog version 1.3.7, consider restricting access to the vulnerable parameters, such as cid, uid, and the homepage field, until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints, specifically "comment.php", "profiles.php", and "users.php", to minimize the risk of exploitation.