Lucene search

PRIOn knowledge basePRION:CVE-2010-1724

HistoryMay 06, 2010 - 2:53 p.m.

Cross site scripting

2010-05-0614:53:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.

CPENameOperatorVersion
zikula_application_frameworkeq1.2.2

CPE	Name	Operator	Version
	zikula_application_framework	eq	1.2.2

References

community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement

osvdb.org/64096

secunia.com/advisories/39614

www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html

www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html

www.osvdb.org/64095

www.securityfocus.com/archive/1/510988/100/0/threaded

www.securityfocus.com/bid/39717

exchange.xforce.ibmcloud.com/vulnerabilities/58224