Published:2008/07/25 Last Updated:2008/07/25
JVN#60419863
Geeklog Forum Plugin vulnerable to cross-site scripting
Overview
Geeklog Forum Plugin contains a cross-site scripting vulnerability.
Products Affected
- Geeklog Forum Plugin 2.7 and earlier
Description
Geeklog Forum Plugin is a plugin for Geeklog, an open source contents management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability.
Impact
An arbitrary script could be executed on the user's web browser.
Solution
Update the Software
Apply the latest update provided by the developer.
For more information, refer to the developer's website.
Vendor Status
| Vendor | Link |
| Blaine Lang | Forum Plugin Version 2.7.1 - Security Fix |
| Geeklog | Forum Plugin Version 2.7.1 - Security Fix |
| Geeklog Japanese | Forum Plugin Version 2.7.1 - Security Fix |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Technology Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE |
CVE-2008-3316 |
| JVN iPedia |
JVNDB-2008-000045 |