35 matches found
CVE-2010-1732
Cross-site request forgery CSRF vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address updateemail action...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address updateemail action...
CVE-2010-1732
Cross-site request forgery CSRF vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address updateemail action...
CVE-2010-1732
Zikula Application Framework up to version 1.2.3 has a CSRF vulnerability in the users module (updateemail action) that could allow an attacker to hijack an administrator’s email address. The flaw is addressed in the 1.2.3 release, which upstream fixed two security issues (XSS and CSRF) and remov...
CVE-2010-1724
CVE-2010-1724 affects Zikula Application Framework (v1.2.2 and possibly earlier). The vulnerability is XSS in the index.php handling of func and lang parameters via ZLanguage.php, enabling remote injection of arbitrary script/HTML. OpenVAS entries corroborate multiple XSS/CSRF issues for Zikula. ...
CVE-2010-1724
Multiple cross-site scripting XSS vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 func parameter to index.php, or the 2 lang parameter to index.php, which is not properly handled by ZLanguage.php...
Zikula Application Framework 1.2.2 Cross Site Request Forgery
Vulnerability ID: HTB22351 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: CSR...
XSRF (CSRF) in Zikula Application Framework
Vulnerability ID: HTB22351 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: CSR...
Zikula 1.2.2 Cross Site Scripting
Vulnerability ID: HTB22348 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 13 April 2010 Vulnerability...
XSS vulnerability in Zikula Application Framework
Vulnerability ID: HTB22348 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 13 April 2010 Vulnerability...
Multiple vulnerabilities in Zikula Application Framework
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zikula Application Framework, which can be exploited to perform cross-site scripting XSS and cross-site request forgery CSRF attacks. 1 XSRF CSRF in Zikula Application Framework: CVE-2010-1732 The vulnerability...
Zikula Application Framework 1.2.2 - index.php?func Cross-Site Scripting
Zikula Application Framework 1.2.2 - index.php?func Cross-Site Scripting source: https://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...
Zikula Application Framework 1.2.2 - 'ZLanguage.php?lang' Cross-Site Scripting
source: https://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
Zikula Application Framework 1.2.2 - 'index.php?func' Cross-Site Scripting
source: https://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
Zikula Application Framework 1.2.2 - ZLanguage.php?lang Cross-Site Scripting
Zikula Application Framework 1.2.2 - ZLanguage.php?lang Cross-Site Scripting source: https://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage th...