CVE-2002-0962 - Cross-Site Scripting vulnerability in Geeklog 1.3/1.3.0/1.3.5

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, geeklog, nessus, exploit available

Summary

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.

Vulnerable Configurations

Part: Application
Description: Geeklog
Count: 3

Exploit-Db

  • description: Geeklog 1.3.5 Calendar Event Form Script Injection Vulnerability. CVE-2002-0962. Webapps exploit for php platform
    id: EDB-ID:21528
    last seen: 2016-02-02
    modified: 2002-06-10
    published: 2002-06-10
    reporter: Ahmet Sabri ALPER
    source: https://www.exploit-db.com/download/21528/
    title: Geeklog 1.3.5 Calendar Event Form Script Injection Vulnerability
  • description: Geeklog 1.3.5 Multiple Cross Site Scripting Vulnerabilities. CVE-2002-0962. Webapps exploit for php platform
    id: EDB-ID:21525
    last seen: 2016-02-02
    modified: 2002-06-10
    published: 2002-06-10
    reporter: Ahmet Sabri ALPER
    source: https://www.exploit-db.com/download/21525/
    title: Geeklog 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities

Nessus

NASL family: CGI abuses
NASL id: GEEKLOG_ADMIN_ACCESS.NASL
description: The remote server is running a version of Geeklog affected by various vulnerabilities, including SQL injection, arbitrary file upload, privilege escalation, etc.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11670
published: 2003-05-29
reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/11670
title: Geeklog <= 1.3.7sr1 Multiple Vulnerabilities (SQLi, XSS, Priv Esc)