Vulnerabilities > CVE-2002-0962 - Unspecified vulnerability in Geeklog 1.3/1.3.0/1.3.5

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
geeklog
nessus
exploit available

Summary

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.

Vulnerable Configurations

Part Description Count
Application
Geeklog
3

Exploit-Db

  • descriptionGeeklog 1.3.5 Calendar Event Form Script Injection Vulnerability. CVE-2002-0962 . Webapps exploit for php platform
    idEDB-ID:21528
    last seen2016-02-02
    modified2002-06-10
    published2002-06-10
    reporterAhmet Sabri ALPER
    sourcehttps://www.exploit-db.com/download/21528/
    titleGeeklog 1.3.5 Calendar Event Form Script Injection Vulnerability
  • descriptionGeeklog 1.3.5 Multiple Cross Site Scripting Vulnerabilities. CVE-2002-0962. Webapps exploit for php platform
    idEDB-ID:21525
    last seen2016-02-02
    modified2002-06-10
    published2002-06-10
    reporterAhmet Sabri ALPER
    sourcehttps://www.exploit-db.com/download/21525/
    titleGeeklog 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities

Nessus

NASL familyCGI abuses
NASL idGEEKLOG_ADMIN_ACCESS.NASL
descriptionThe remote server is running a version of Geeklog affected by various vulnerabilities, including SQL injection, arbitrary file upload, privilege escalation, etc.
last seen2020-06-01
modified2020-06-02
plugin id11670
published2003-05-29
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11670
titleGeeklog <= 1.3.7sr1 Multiple Vulnerabilities (SQLi, XSS, Priv Esc)