Lucene search

K

MitreCVELIST:CVE-2010-1724

HistoryMay 05, 2010 - 2:00 p.m.

CVE-2010-1724

2010-05-0514:00:00

mitre

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.5%

Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.

References

community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement

osvdb.org/64096

secunia.com/advisories/39614

www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html

www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html

www.osvdb.org/64095

www.securityfocus.com/archive/1/510988/100/0/threaded

www.securityfocus.com/bid/39717

exchange.xforce.ibmcloud.com/vulnerabilities/58224

5.7 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.5%

Related for CVELIST:CVE-2010-1724

nvd1 cve1 prion1 htbridge1 openvas6 fedora2 nessus2