Lucene search

K

[email protected]NVD:CVE-2010-1724

HistoryMay 06, 2010 - 2:53 p.m.

CVE-2010-1724

2010-05-0614:53:01

CWE-79

[email protected]

web.nvd.nist.gov

1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.5%

Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.

Affected configurations

NVD

Node

zikulazikula_application_frameworkMatch1.2.2

References

community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement

osvdb.org/64096

secunia.com/advisories/39614

www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html

www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html

www.osvdb.org/64095

www.securityfocus.com/archive/1/510988/100/0/threaded

www.securityfocus.com/bid/39717

exchange.xforce.ibmcloud.com/vulnerabilities/58224

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.5%

Related for NVD:CVE-2010-1724

prion1 cve1 cvelist1 fedora2 nessus2 openvas6 htbridge1