RSS   Vulnerabilities for 'Zikula'   RSS

2019-11-19
 
CVE-2011-3352

CWE-79
 

 
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.

 


Copyright 2024, cxsecurity.com

 

Back to Top