Unrated severityNVD Advisory· Published Jul 21, 2006· Updated Jun 16, 2026
CVE-2006-3756
CVE-2006-3756
Description
Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13cpe:2.3:a:geeklog:geeklog:1.3.11:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:geeklog:geeklog:1.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11:sr1:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11:sr2:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11:sr3:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11:sr4:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11:sr5:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11:sr6:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0:sr1:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0:sr2:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0:sr3:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0:sr4:*:*:*:*:*:*
- (no CPE)range: <=1.4.0sr4, <=1.3.11sr6
Patches
Vulnerability mechanics
References
5- www.geeklog.net/article.php/geeklog-1.4.0sr5nvdPatchVendor Advisory
- jvn.jp/jp/JVN%2381108784/index.htmlnvdThird Party Advisory
- secunia.com/advisories/21094nvdThird Party Advisory
- www.vupen.com/english/advisories/2006/2865nvdPermissions RequiredThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/27813nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.