Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2011-3979
Last Modified 13 Feb 2012 11:09:31
Published 04 Oct 2011 06:55:11
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3979

Summary

Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.

Vulnerable Systems

Application

  • Zikula Application Framework 1.2.7

  • Zikula Application Framework 1.3.0


References

CONFIRM - http://community.zikula.org/index.php?module=News&func=display&sid=3075

MISC - https://www.htbridge.ch/advisory/xss_in_zikula.html

XF - zikulaapplication-index-xss(69644)

BID - 49491

BUGTRAQ - 20110907 XSS in Zikula

SECUNIA - 45884

OSVDB - 75226

SREASON - 8409


Last Updated: 27 May 2016 10:58:14