Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ‘themename’ parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.
View Full Alert
The user-access-manager plugin before 1.2 for WordPress has CSRF. View Full Alert
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. View Full Alert
The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. View Full Alert