CVE-2023-37787

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jul 13, 2023
Updated: Jul 21, 2023
CWE ID 79

Summary

CVE-2023-37787 is a vulnerability that affects Geeklog v2.2.2, allowing attackers to execute arbitrary web scripts or HTML through cross-site scripting (XSS) vulnerabilities. The vulnerability occurs when a crafted payload is injected into the Rule and Route parameters of /admin/router.php. The risk score for this vulnerability is 27, indicating a medium severity. The privileges required for exploitation are high, and user interaction is required. The attack vector is network-based, and the impact on integrity and confidentiality is low. The base score for this vulnerability is 4.8, with an exploitability score of 1.7. Remediation measures should be taken to address these vulnerabilities in order to mitigate potential risks to organizations using Geeklog v2.2.2

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-37787 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options