CVE-2011-3352
Published: Nov 19, 2019
Modified: Aug 6, 2024
PUBLISHED
Description
Zikula 1.3.0 build #3168 and probably prior has an XSS flaw due to improper sanitization of the 'themename' parameter when setting the default theme, modifying themes and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.
| Vendor | Product | Versions |
|---|---|---|
| Zikula | Zikula | affected 1.3.0 build #3168 and probably prior |
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3352
x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-3352
x_refsource_MISC
https://www.immuniweb.com/advisory/HTB23039
x_refsource_MISC