CVE-2011-3352 (zikula)

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ‘themename’ parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.

View Full Alert

Related Posts

  • CVE-2011-5328

    The user-access-manager plugin before 1.2 for WordPress has CSRF. View Full Alert

  • CVE-2011-1408

    ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. View Full Alert

  • CVE-2011-5329

    The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. View Full Alert