Vulnerability Details CVE-2011-3352
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.0%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- https://access.redhat.com/security/cve/cve-2011-3352
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3352
- https://www.immuniweb.com/advisory/HTB23039
- https://access.redhat.com/security/cve/cve-2011-3352
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3352
- https://www.immuniweb.com/advisory/HTB23039