CVE-2002-0962

Name of the Vulnerable Software and Affected Versions: GeekLog versions 1.3.5 and earlier

Description: The issue allows remote attackers to execute arbitrary script. This can be achieved via the url variable in the Link field of a calendar event, the topic parameter in "index.php", or the title parameter in "comment.php".

Recommendations: For GeekLog versions 1.3.5 and earlier, consider disabling the Link field in calendar events, restricting access to "index.php" and "comment.php" until a fix is available, and avoid using the url, topic, and title parameters in the affected API endpoints.