CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0962

HIGH
7.5
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile41.82th
PublishedOct 4, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.

Affected Platforms (CPE)

πŸ“¦
Geeklog

Geeklog

<= 1.3.5

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
πŸ”— http://geeklog.sourceforge.net/article.php?story=20020610013358149
πŸ”— http://www.iss.net/security_center/static/9309.php
πŸ”— http://www.iss.net/security_center/static/9310.php
πŸ”— http://www.securityfocus.com/bid/4969
πŸ”— http://www.securityfocus.com/bid/4974
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
πŸ”— http://geeklog.sourceforge.net/article.php?story=20020610013358149

Related Vulnerabilities

CVE-2006-106910.0

Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr...

CVE-2006-26987.8

Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invali...

CVE-2005-47257.5

Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic...

CVE-2002-00977.5

Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's...