130 matches found
Cross-Site Scripting (XSS) in Zikula Application Framework
High-Tech Bridge Security Research Lab discovered vulnerability in Zikula Application Framework, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Zikula Application Framework: CVE-2013-6168 1.1 The vulnerability exists due to insufficient...
Zikula CMS v1.3.5 - Multiple Web Vulnerabilities
Document Title: =============== Zikula CMS v1.3.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1114 Release Date: ============= 2013-10-15 Vulnerability Laboratory ID VL-ID: ==================================== 1114 Comm...
Zikula CMS v1.3.5 - Multiple Web Vulnerabilities
Document Title: =============== Zikula CMS v1.3.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1114 Release Date: ============= 2013-10-15 Vulnerability Laboratory ID VL-ID: ==================================== 1114 Comm...
CVE-2011-3979
Cross-site scripting XSS vulnerability in ztemp/viewcompiled/Theme/themeadminsetasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the...
Cross site scripting
Cross-site scripting XSS vulnerability in ztemp/viewcompiled/Theme/themeadminsetasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the...
CVE-2011-3979
Cross-site scripting XSS vulnerability in ztemp/viewcompiled/Theme/themeadminsetasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the...
CVE-2011-3979
Vulnerability: Zikula Application Framework (theme module) has an XSS in ztemp/view_compiled/Theme/theme_admin_setasdefault.php. Affected versions include 1.3.0 build 3168 and 1.2.7 (likely others). Impact: remote attackers can inject arbitrary HTML/Script via the themename parameter in the setos...
CVE-2011-3826
Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files...
Information disclosure
Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files...
CVE-2011-3826
Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files...
CVE-2011-3826
CVE-2011-3826 affects Zikula 1.2.4. An information-disclosure flaw allows remote attackers to obtain sensitive data by directly requesting a PHP file, causing an error message that reveals the installation path (demonstrated by themes/voodoodolly/version.php and other files). The NVD metrics indi...
Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability
Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user- supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability
Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
XSS in Zikula
Vulnerability ID: HTB23039 Reference: https://www.htbridge.ch/advisory/xssinzikula.html Product: Zikula Application Framework Vendor: Zikula Software Foundation http://zikula.org/ Vulnerable Version: 1.3.0, build 3168 and probably prior Tested Version: 1.3.0, build 3168 Vendor Notification: 17...
Zikula 1.3.0 Cross Site Scripting
Vulnerability ID: HTB23039 Reference: https://www.htbridge.ch/advisory/xssinzikula.html Product: Zikula Application Framework Vendor: Zikula Software Foundation http://zikula.org/ Vulnerable Version: 1.3.0, build 3168 and probably prior Tested Version: 1.3.0, build 3168 Vendor Notification: 17...
Zikula Application Framework 1.2.71.3 - themename Cross-Site Scripting
Zikula Application Framework 1.2.71.3 - themename Cross-Site Scripting source: https://www.securityfocus.com/bid/49491/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this iss...
Zikula Application Framework 1.2.7/1.3 - 'themename' Cross-Site Scripting
source: https://www.securityfocus.com/bid/49491/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
Cross-site Scripting (XSS) Vulnerability in Zikula Application Framework
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zikula Application Framework, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Zikula Application Framework Input passed via the "themename" parameter to...
Zikula Security bypass Vulnerability
This host is running Zikula and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbzikulasecbypassvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Zikula Security bypass Vulnerability Authors: Madhuri D Copyright: Copyright c 2011 Greenbone Networks GmbH,...
Zikula < 1.3.1 Security Bypass Vulnerability
Zikula is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...