Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog prior to 1.8.2sr1 and 2.0.0 prior to 2.0.0rc2 allows remote malicious users to inject arbitrary web script or HTML via the calendar_type parameter to submit.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
geeklog geeklog 2.0.0 |
||
geeklog geeklog 1.8.2 |