Search criteria

1 vulnerability by ziku

CVE-2011-3352 (GCVE-0-2011-3352)

Vulnerability from cvelistv5 – Published: 2019-11-19 22:37 – Updated: 2024-08-06 23:29
VLAI
Summary
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.
Severity
No CVSS data available.
CWE
  • Cross-Site Scripting
Assigner
References
Impacted products
Vendor Product Version
Zikula Zikula Affected: 1.3.0 build #3168 and probably prior
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3352"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2011-3352"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.immuniweb.com/advisory/HTB23039"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Zikula",
          "vendor": "Zikula",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.0 build #3168 and probably prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the \u0027themename\u0027 parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-19T22:37:48.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3352"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2011-3352"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.immuniweb.com/advisory/HTB23039"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3352",
    "datePublished": "2019-11-19T22:37:48.000Z",
    "dateReserved": "2011-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:29:56.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}