Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T23:29:56.739Z

Reserved: 2011-08-30T00:00:00

Link: CVE-2011-3352

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-19T23:15:11.207

Modified: 2024-11-21T01:30:19.233

Link: CVE-2011-3352

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.