CVE-2002-0962

GeekLog < 1.3.5 - Cross-Site Scripting via Calendar Event Link, Topic Parameter, or Comment Title

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-0962. PoCs published by Ahmet Sabri ALPER.

AI-analyzed exploit summary: This exploit demonstrates a cross-site scripting (XSS) vulnerability in Geeklog by injecting malicious script code into URL parameters, which can steal cookie-based authentication credentials.

Description

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Ahmet Sabri ALPER · text · webapps · php
https://www.exploit-db.com/exploits/21525

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Geeklog by injecting malicious script code into URL parameters, which can steal cookie-based authentication credentials.

Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Geeklog 1.3.5 and earlier
No auth needed
Prerequisites: A victim must click on a malicious link
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by Ahmet Sabri ALPER · text · webapps · php
https://www.exploit-db.com/exploits/21528

The provided text describes a cross-site scripting (XSS) vulnerability in Geeklog due to insufficient sanitization of script code in form fields. It includes an example payload demonstrating how attacker-supplied script code could be executed in the context of the website.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Geeklog (version not specified)
No auth needed
Prerequisites: Access to a form field in Geeklog that does not sanitize input
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9310.php
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9309.php
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4969
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4974

Scores

EPSS 0.0860
EPSS Percentile 94.4%

Details

Status published
Products (1)
geeklog/geeklog < 1.3.5
Published Oct 04, 2002
Tracked Since Feb 18, 2026