Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by ziku
CVE-2011-3352 (GCVE-0-2011-3352)
Vulnerability from cvelistv5 – Published: 2019-11-19 22:37 – Updated: 2024-08-06 23:29
VLAI
Summary
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-3352 | x_refsource_MISC |
| https://www.immuniweb.com/advisory/HTB23039 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.immuniweb.com/advisory/HTB23039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zikula",
"vendor": "Zikula",
"versions": [
{
"status": "affected",
"version": "1.3.0 build #3168 and probably prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the \u0027themename\u0027 parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-19T22:37:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.immuniweb.com/advisory/HTB23039"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3352",
"datePublished": "2019-11-19T22:37:48.000Z",
"dateReserved": "2011-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3352 (GCVE-0-2011-3352)
Vulnerability from nvd – Published: 2019-11-19 22:37 – Updated: 2024-08-06 23:29
VLAI
Summary
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-3352 | x_refsource_MISC |
| https://www.immuniweb.com/advisory/HTB23039 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.immuniweb.com/advisory/HTB23039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zikula",
"vendor": "Zikula",
"versions": [
{
"status": "affected",
"version": "1.3.0 build #3168 and probably prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the \u0027themename\u0027 parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-19T22:37:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.immuniweb.com/advisory/HTB23039"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3352",
"datePublished": "2019-11-19T22:37:48.000Z",
"dateReserved": "2011-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}