Zikula Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2011-3352 - Vulnerability Database

Zikula

Zikula Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2011-3352

Medium

Reference: CVE-2011-3352

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-3352

Title: Zikula Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Zikula 1.3.0 build 3168 and probably prior has XSS flaw due to improper sanitization of the 39themename39 parameter by setting default modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.