Published: 06/05/2010 Updated: 10/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote malicious users to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zikula zikula application framework 1.2.2

source: wwwsecurityfocuscom/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may ...

source: wwwsecurityfocuscom/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may al ...

CWE-79 http://osvdb.org/64096 http://community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement http://www.osvdb.org/64095 http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html http://secunia.com/advisories/39614 http://www.securityfocus.com/bid/39717 https://exchange.xforce.ibmcloud.com/vulnerabilities/58224 http://www.securityfocus.com/archive/1/510988/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/33885/

CVE-2010-1724

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect