Lucene search
K

35 matches found

NVD
NVD
added 2010/05/06 12:47 p.m.26 views

CVE-2010-1732

Cross-site request forgery CSRF vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address updateemail action...

6.8CVSS6.9AI score0.00524EPSS
Exploits0References2
Prion
Prion
added 2010/05/06 12:47 p.m.13 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address updateemail action...

6.8CVSS7.4AI score0.00524EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2010/05/05 6:0 p.m.38 views

CVE-2010-1732

Cross-site request forgery CSRF vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address updateemail action...

6.8AI score0.00524EPSS
Exploits0References2
CVE
CVE
added 2010/05/05 6:0 p.m.55 views

CVE-2010-1732

Zikula Application Framework up to version 1.2.3 has a CSRF vulnerability in the users module (updateemail action) that could allow an attacker to hijack an administrator’s email address. The flaw is addressed in the 1.2.3 release, which upstream fixed two security issues (XSS and CSRF) and remov...

6.8CVSS6.9AI score0.00524EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2010/05/05 2:0 p.m.80 views

CVE-2010-1724

CVE-2010-1724 affects Zikula Application Framework (v1.2.2 and possibly earlier). The vulnerability is XSS in the index.php handling of func and lang parameters via ZLanguage.php, enabling remote injection of arbitrary script/HTML. OpenVAS entries corroborate multiple XSS/CSRF issues for Zikula. ...

4.3CVSS5.7AI score0.04103EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2010/05/05 2:0 p.m.45 views

CVE-2010-1724

Multiple cross-site scripting XSS vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 func parameter to index.php, or the 2 lang parameter to index.php, which is not properly handled by ZLanguage.php...

5.7AI score0.04103EPSS
Exploits0References9
Packet Storm
Packet Storm
added 2010/05/05 12:0 a.m.16 views

Zikula Application Framework 1.2.2 Cross Site Request Forgery

Vulnerability ID: HTB22351 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: CSR...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2010/05/04 12:0 a.m.43 views

XSRF (CSRF) in Zikula Application Framework

Vulnerability ID: HTB22351 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: CSR...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2010/04/28 12:0 a.m.22 views

Zikula 1.2.2 Cross Site Scripting

Vulnerability ID: HTB22348 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 13 April 2010 Vulnerability...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2010/04/27 12:0 a.m.44 views

XSS vulnerability in Zikula Application Framework

Vulnerability ID: HTB22348 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 13 April 2010 Vulnerability...

0.3AI score
Exploits0
htbridge
htbridge
added 2010/04/13 12:0 a.m.54 views

Multiple vulnerabilities in Zikula Application Framework

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zikula Application Framework, which can be exploited to perform cross-site scripting XSS and cross-site request forgery CSRF attacks. 1 XSRF CSRF in Zikula Application Framework: CVE-2010-1732 The vulnerability...

5.1CVSS1.2AI score0.04103EPSS
Exploits0Affected Software1
exploitpack
exploitpack
added 2010/04/13 12:0 a.m.12 views

Zikula Application Framework 1.2.2 - index.php?func Cross-Site Scripting

Zikula Application Framework 1.2.2 - index.php?func Cross-Site Scripting source: https://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/04/13 12:0 a.m.39 views

Zikula Application Framework 1.2.2 - 'ZLanguage.php?lang' Cross-Site Scripting

source: https://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2010/04/13 12:0 a.m.25 views

Zikula Application Framework 1.2.2 - 'index.php?func' Cross-Site Scripting

source: https://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2010/04/13 12:0 a.m.11 views

Zikula Application Framework 1.2.2 - ZLanguage.php?lang Cross-Site Scripting

Zikula Application Framework 1.2.2 - ZLanguage.php?lang Cross-Site Scripting source: https://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage th...

0.1AI score
Exploits0
Rows per page
Query Builder