Geeklog v2.2.2 is vulnerable to Stored Cross-Site Scripting (XSS) in public_html/admin/router.php
Vendor: https://github.com/Geeklog-Core/geeklog
1. Log in to the Geeklog admin account, navigate to URL Routing, and click an Edit button.
2. Enter the payloads into the Rule and Route input fields, then click SAVE. The payloads are:
   <script>alert('xss_rule');</script>
   <script>alert('xss_route');</script>
3. Observe that the payloads are triggered. Subsequent visits to the routing manager page still trigger the payloads.
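
The mitigation for the behaviour in these steps, as an added PHP example that is neither Geeklog's code nor the vendor's patch: stored Rule and Route values are checked on save and HTML-encoded when the routing list is rendered. The function names, the character allowlist and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the names are not taken from Geeklog's code base.

/** Encode a stored value for an HTML text or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Input check applied on save: accept only characters a URL rule or route
 * plausibly needs (assumed allowlist; adjust to the real routing syntax).
 */
function isValidRoutingValue(string $value): bool
{
    return strlen($value) <= 255
        && preg_match('~\A/[A-Za-z0-9@_\-./?&=]*\z~', $value) === 1;
}

/** Render one row of the routing list with every stored field encoded. */
function renderRoutingRow(array $row): string
{
    return sprintf(
        '<tr><td>%s</td><td>%s</td></tr>',
        h($row['rule']),
        h($row['route'])
    );
}

// Constructed sample rows: one benign, one carrying the payloads from the report.
$rows = [
    ['rule' => '/article/@sid', 'route' => '/article.php?story=@sid'],
    ['rule'  => "<script>alert('xss_rule');</script>",
     'route' => "<script>alert('xss_route');</script>"],
];

foreach ($rows as $row) {
    // Validation rejects the payload row at save time; encoding makes it inert
    // even if such a value is already present in the database.
    $ok = isValidRoutingValue($row['rule']) && isValidRoutingValue($row['route']);
    echo ($ok ? 'ACCEPT ' : 'REJECT '), renderRoutingRow($row), PHP_EOL;
}
```

Encoding at output is the control that matters for values already stored; the save-time check only stops new malformed entries.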