Lucene search
+L

130 matches found

htbridge
htbridge
added 2013/10/16 12:0 a.m.43 views

Cross-Site Scripting (XSS) in Zikula Application Framework

High-Tech Bridge Security Research Lab discovered vulnerability in Zikula Application Framework, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Zikula Application Framework: CVE-2013-6168 1.1 The vulnerability exists due to insufficient...

4.3CVSS5.8AI score0.0122EPSS
Exploits3Affected Software1
vulnerlab
vulnerlab
added 2013/10/15 12:0 a.m.44 views

Zikula CMS v1.3.5 - Multiple Web Vulnerabilities

Document Title: =============== Zikula CMS v1.3.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1114 Release Date: ============= 2013-10-15 Vulnerability Laboratory ID VL-ID: ==================================== 1114 Comm...

7.1AI score
Exploits0
vulnerlab
vulnerlab
added 2013/10/15 12:0 a.m.39 views

Zikula CMS v1.3.5 - Multiple Web Vulnerabilities

Document Title: =============== Zikula CMS v1.3.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1114 Release Date: ============= 2013-10-15 Vulnerability Laboratory ID VL-ID: ==================================== 1114 Comm...

7.1AI score
Exploits0
nvd
nvd
added 2011/10/04 10:55 a.m.26 views

CVE-2011-3979

Cross-site scripting XSS vulnerability in ztemp/viewcompiled/Theme/themeadminsetasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the...

4.3CVSS5.7AI score0.02179EPSS
Exploits1References8
prion
prion
added 2011/10/04 10:55 a.m.23 views

Cross site scripting

Cross-site scripting XSS vulnerability in ztemp/viewcompiled/Theme/themeadminsetasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the...

4.3CVSS6.1AI score0.02179EPSS
Exploits1References8Affected Software1
cvelist
cvelist
added 2011/10/04 10:0 a.m.28 views

CVE-2011-3979

Cross-site scripting XSS vulnerability in ztemp/viewcompiled/Theme/themeadminsetasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the...

5.7AI score0.02179EPSS
Exploits1References8
cve
cve
added 2011/10/04 10:0 a.m.57 views

CVE-2011-3979

Vulnerability: Zikula Application Framework (theme module) has an XSS in ztemp/view_compiled/Theme/theme_admin_setasdefault.php. Affected versions include 1.3.0 build 3168 and 1.2.7 (likely others). Impact: remote attackers can inject arbitrary HTML/Script via the themename parameter in the setos...

4.3CVSS5.8AI score0.02179EPSS
Exploits1References8Affected Software1
nvd
nvd
added 2011/09/24 12:55 a.m.27 views

CVE-2011-3826

Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files...

5CVSS6.1AI score0.01229EPSS
Exploits0References3
prion
prion
added 2011/09/24 12:55 a.m.22 views

Information disclosure

Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files...

5CVSS6.7AI score0.01229EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2011/09/24 12:0 a.m.22 views

CVE-2011-3826

Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files...

6.1AI score0.01229EPSS
Exploits0References3
cve
cve
added 2011/09/24 12:0 a.m.40 views

CVE-2011-3826

CVE-2011-3826 affects Zikula 1.2.4. An information-disclosure flaw allows remote attackers to obtain sensitive data by directly requesting a PHP file, causing an error message that reveals the installation path (demonstrated by themes/voodoodolly/version.php and other files). The NVD metrics indi...

5CVSS6.3AI score0.01229EPSS
Exploits0References3Affected Software1
openvas
openvas
added 2011/09/12 12:0 a.m.33 views

Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability

Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user- supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

4.3CVSS7AI score0.02179EPSS
Exploits1References3
openvas
openvas
added 2011/09/12 12:0 a.m.32 views

Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability

Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

4.3CVSS6.8AI score0.02179EPSS
Exploits1References3
securityvulns
securityvulns
added 2011/09/09 12:0 a.m.47 views

XSS in Zikula

Vulnerability ID: HTB23039 Reference: https://www.htbridge.ch/advisory/xssinzikula.html Product: Zikula Application Framework Vendor: Zikula Software Foundation http://zikula.org/ Vulnerable Version: 1.3.0, build 3168 and probably prior Tested Version: 1.3.0, build 3168 Vendor Notification: 17...

0.5AI score
Exploits0
packetstorm
packetstorm
added 2011/09/08 12:0 a.m.22 views

Zikula 1.3.0 Cross Site Scripting

Vulnerability ID: HTB23039 Reference: https://www.htbridge.ch/advisory/xssinzikula.html Product: Zikula Application Framework Vendor: Zikula Software Foundation http://zikula.org/ Vulnerable Version: 1.3.0, build 3168 and probably prior Tested Version: 1.3.0, build 3168 Vendor Notification: 17...

Exploits0
exploitpack
exploitpack
added 2011/09/05 12:0 a.m.16 views

Zikula Application Framework 1.2.71.3 - themename Cross-Site Scripting

Zikula Application Framework 1.2.71.3 - themename Cross-Site Scripting source: https://www.securityfocus.com/bid/49491/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this iss...

Exploits0
exploitdb
exploitdb
added 2011/09/05 12:0 a.m.26 views

Zikula Application Framework 1.2.7/1.3 - 'themename' Cross-Site Scripting

source: https://www.securityfocus.com/bid/49491/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...

7.4AI score
Exploits0
htbridge
htbridge
added 2011/08/17 12:0 a.m.84 views

Cross-site Scripting (XSS) Vulnerability in Zikula Application Framework

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zikula Application Framework, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Zikula Application Framework Input passed via the "themename" parameter to...

2.6CVSS5.9AI score0.02179EPSS
Exploits1Affected Software1
openvas
openvas
added 2011/02/15 12:0 a.m.39 views

Zikula Security bypass Vulnerability

This host is running Zikula and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbzikulasecbypassvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Zikula Security bypass Vulnerability Authors: Madhuri D Copyright: Copyright c 2011 Greenbone Networks GmbH,...

5CVSS6.7AI score0.00949EPSS
Exploits0References1
openvas
openvas
added 2011/02/15 12:0 a.m.14 views

Zikula < 1.3.1 Security Bypass Vulnerability

Zikula is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5CVSS6.9AI score0.00949EPSS
Exploits0References1
Rows per page
Query Builder