CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2002-0962

HIGH
7.5
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile41.82th
Published2002年10月4日
Last Modified2026年4月16日

Vulnerability Description

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.

Affected Platforms (CPE)

📦
Geeklog

Geeklog

<= 1.3.5

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
🔗 http://geeklog.sourceforge.net/article.php?story=20020610013358149
🔗 http://www.iss.net/security_center/static/9309.php
🔗 http://www.iss.net/security_center/static/9310.php
🔗 http://www.securityfocus.com/bid/4969
🔗 http://www.securityfocus.com/bid/4974
🔗 http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
🔗 http://geeklog.sourceforge.net/article.php?story=20020610013358149

相關漏洞威脅

CVE-2006-106910.0

Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr...

CVE-2006-26987.8

Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invali...

CVE-2005-47257.5

Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic...

CVE-2002-00977.5

Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's...