CVE-2002-0962 - Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute

CVE-2002-0962

Summary

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.

References

Vulnerable Configurations

cpe:2.3:a:geeklog:geeklog:1.3:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.3:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.3.5:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 05-09-2008 - 20:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	4969 4974
bugtraq	20020610 [ARL02-A13] Multiple Security Issues in GeekLog
confirm	http://geeklog.sourceforge.net/article.php?story=20020610013358149
xf	geeklog-calendar-event-xss(9309) geeklog-index-comment-xss(9310)

Last major update

05-09-2008 - 20:29

Published

04-10-2002 - 04:00

Last modified

05-09-2008 - 20:29