CVE - CVE-2011-3352

CVE-ID
CVE-2011-3352	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://access.redhat.com/security/cve/cve-2011-3352 URL:https://access.redhat.com/security/cve/cve-2011-3352 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3352 URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3352 MISC:https://www.immuniweb.com/advisory/HTB23039 URL:https://www.immuniweb.com/advisory/HTB23039
Assigning CNA
Red Hat, Inc.
Date Record Created
20110830	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110830)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)