Lucene search
+L
ZikulaZikula Application Framework

10 matches found

CVE
CVE
added 2010/05/05 2:0 p.m.82 views

CVE-2010-1724

CVE-2010-1724 affects Zikula Application Framework (v1.2.2 and possibly earlier). The vulnerability is XSS in the index.php handling of func and lang parameters via ZLanguage.php, enabling remote injection of arbitrary script/HTML. OpenVAS entries corroborate multiple XSS/CSRF issues for Zikula. ...

4.3CVSS5.7AI score0.04103EPSS
CVE
CVE
added 2011/02/08 9:0 p.m.59 views

CVE-2011-0535

CVE-2011-0535 affects Zikula’s Users module prior to version 1.2.5. The vulnerability is a CSRF flaw that lets an attacker hijack administrator sessions and perform privilege changes via an edit_access_permissions action to index.php. Root cause: CSRF in the Users module. Impact per source: unaut...

6.8CVSS7.2AI score0.01434EPSS
CVE
CVE
added 2011/02/08 9:0 p.m.58 views

CVE-2010-4728

The CVE affects Zikula

5CVSS6.9AI score0.00949EPSS
CVE
CVE
added 2010/05/05 6:0 p.m.57 views

CVE-2010-1732

Zikula Application Framework up to version 1.2.3 has a CSRF vulnerability in the users module (updateemail action) that could allow an attacker to hijack an administrator’s email address. The flaw is addressed in the 1.2.3 release, which upstream fixed two security issues (XSS and CSRF) and remov...

6.8CVSS6.9AI score0.00524EPSS
CVE
CVE
added 2011/10/04 10:0 a.m.57 views

CVE-2011-3979

Vulnerability: Zikula Application Framework (theme module) has an XSS in ztemp/view_compiled/Theme/theme_admin_setasdefault.php. Affected versions include 1.3.0 build 3168 and 1.2.7 (likely others). Impact: remote attackers can inject arbitrary HTML/Script via the themename parameter in the setos...

4.3CVSS5.8AI score0.02179EPSS
Web
CVE
CVE
added 2011/02/08 9:0 p.m.51 views

CVE-2011-0911

CVE-2011-0911 (NVD entry) : Affected product is Zikula CMS, specifically the Users module, prior to version 1.2.5. It is described as a Cross-site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The root cause is not detai...

4.3CVSS5.7AI score0.00855EPSS
CVE
CVE
added 2013/11/14 8:0 p.m.51 views

CVE-2013-6168

CVE-2013-6168 affects Zikula Application Framework (pre-1.3.6). The vulnerability arises from insufficient sanitisation of the returnpage parameter in index.php, enabling cross-site scripting (XSS) via crafted links. The HTB advisory HTB23178 documents exploitation and confirms the fixed vendor p...

4.3CVSS5.7AI score0.0122EPSS
Web
CVE
CVE
added 2018/03/26 6:0 p.m.49 views

CVE-2014-2293

CVE-2014-2293 affects Zikula Application Framework prior to 1.3.7 build 11. The vulnerability arises from PHP object injection via crafted serialized data in index.php parameters: authentication_method_ser, authentication_info_ser, or zikulaMobileTheme. This can allow remote attackers to delete a...

9.8CVSS9.7AI score0.0486EPSS
CVE
CVE
added 2011/02/08 9:0 p.m.46 views

CVE-2010-4729

Zikula

6.8CVSS7.2AI score0.00524EPSS
CVE
CVE
added 2016/12/05 8:9 a.m.40 views

CVE-2016-9835

Summary (CVE-2016-9835) : Zikula’s jcss.php file has a directory traversal vulnerability in 1.3.x (before 1.3.11) and 1.4.x (before 1.4.4) on Windows, allowing a remote attacker to upload a serialized file to trigger a PHP object injection. Root cause is improper handling of uploaded content lead...

9.8CVSS9.5AI score0.03918EPSS