
CVE-2002-0962

Published: 04/10/2002 Updated: 05/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and previous versions allow remote malicious users to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.

Vulnerable Product

geeklog geeklog

Exploits

source: www.securityfocus.com/bid/4974/info Geeklog does not sufficiently sanitize script code from form fields, making it prone to script injection attacks. Attacker-supplied script code may potentially end up in webpages generated by Geeklog and will execute in the browser of a user who views such pages, in the security context of the we ...
source: www.securityfocus.com/bid/4969/info Geeklog does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'index.php' or 'comment.php' script. Such a malicious link might be included in an HTML e-mail or on a malicious webpage ...