Description
Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Ahmet Sabri ALPER · textwebappsphp
https://www.exploit-db.com/exploits/21525
exploitdb
WRITEUP
VERIFIED
by Ahmet Sabri ALPER · textwebappsphp
https://www.exploit-db.com/exploits/21528
References (6)
Core 6
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9310.php
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9309.php
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
Product x_refsource_confirm
http://geeklog.sourceforge.net/article.php?story=20020610013358149
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4969
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4974
Scores
EPSS
0.1127
EPSS Percentile
93.6%
Details
Status
published
Products (1)
geeklog/geeklog
< 1.3.5
Published
Oct 04, 2002
Tracked Since
Feb 18, 2026