35 matches found
EUVD-2013-5997
Malware in sbrugna...
EUVD-2010-1752
Malware in sbrugna...
EUVD-2010-1744
Malware in sbrugna...
CVE-2014-2293
CVE-2014-2293 affects Zikula Application Framework prior to 1.3.7 build 11. The vulnerability arises from PHP object injection via crafted serialized data in index.php parameters: authentication_method_ser, authentication_info_ser, or zikulaMobileTheme. This can allow remote attackers to delete a...
Zikula Application Framework 1.2.2 ZLanguage.php lang Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code i...
Zikula Application Framework 1.2.2 index.php func Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code i...
Cross-Site Scripting (XSS) in Zikula Application Framework
Advisory ID: HTB23178 Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification: October 16, 2013 Vendor Patch:...
Zikula 1.3.5 Build 20 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php...
CVE-2013-6168
CVE-2013-6168 affects Zikula Application Framework (pre-1.3.6). The vulnerability arises from insufficient sanitisation of the returnpage parameter in index.php, enabling cross-site scripting (XSS) via crafted links. The HTB advisory HTB23178 documents exploitation and confirms the fixed vendor p...
Cross-Site Scripting (XSS) in Zikula Application Framework
High-Tech Bridge Security Research Lab discovered vulnerability in Zikula Application Framework, which can be exploited to perform Cross-Site Scripting (XSS) attacks. 1) Cross-Site Scripting (XSS) in Zikula Application Framework: CVE-2013-6168 1.1 The vulnerability exists due to insufficient...
CVE-2011-3979
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the...
CVE-2011-3979
Vulnerability: Zikula Application Framework (theme module) has an XSS in ztemp/view_compiled/Theme/theme_admin_setasdefault.php. Affected versions include 1.3.0 build 3168 and 1.2.7 (likely others). Impact: remote attackers can inject arbitrary HTML/Script via the themename parameter in the setos...
CVE-2011-3979
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the...
XSS in Zikula
Vulnerability ID: HTB23039 Reference: https://www.htbridge.ch/advisory/xssinzikula.html Product: Zikula Application Framework Vendor: Zikula Software Foundation http://zikula.org/ Vulnerable Version: 1.3.0, build 3168 and probably prior Tested Version: 1.3.0, build 3168 Vendor Notification: 17...
Zikula 1.3.0 Cross Site Scripting
Vulnerability ID: HTB23039 Reference: https://www.htbridge.ch/advisory/xssinzikula.html Product: Zikula Application Framework Vendor: Zikula Software Foundation http://zikula.org/ Vulnerable Version: 1.3.0, build 3168 and probably prior Tested Version: 1.3.0, build 3168 Vendor Notification: 17...
Zikula Application Framework 1.2.7/1.3 - 'themename' Cross-Site Scripting
source: https://www.securityfocus.com/bid/49491/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
Cross-site Scripting (XSS) Vulnerability in Zikula Application Framework
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zikula Application Framework, which can be exploited to perform cross-site scripting attacks. 1) Cross-site scripting (XSS) vulnerability in Zikula Application Framework: Input passed via the "themename" parameter to...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php...