Lucene search

MitreCVE-2010-1724

HistoryMay 06, 2010 - 2:53 p.m.

CVE-2010-1724

2010-05-0614:53:01

CWE-79

mitre

web.nvd.nist.gov

cve

2010

1724

xss

zikula application framework

vulnerabilities

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.011

Percentile

84.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.

Affected configurations

Nvd

Node

zikulazikula_application_frameworkMatch1.2.2

VendorProductVersionCPE
zikulazikula_application_framework1.2.2cpe:2.3:a:zikula:zikula_application_framework:1.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zikula	zikula_application_framework	1.2.2	cpe:2.3:a:zikula:zikula_application_framework:1.2.2:::::::*

References

community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement

osvdb.org/64096

secunia.com/advisories/39614

www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html

www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html

www.osvdb.org/64095

www.securityfocus.com/archive/1/510988/100/0/threaded

www.securityfocus.com/bid/39717

exchange.xforce.ibmcloud.com/vulnerabilities/58224

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.011

Percentile

84.6%

JSON

Related for CVE-2010-1724