GeekLog 1.3.5 and Earlier: Cross-Site Scripting Vulnerabilities in Link Field, Topic Parameter, and Title Parameter

GeekLog 1.3.5 and Earlier: Cross-Site Scripting Vulnerabilities in Link Field, Topic Parameter, and Title Parameter

CVE-2002-0962 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.

Learn more about our Web Application Penetration Testing UK.