CVE-2011-3352 - Ziku Zikula

Moderate 4.8

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.

Affected software

Ziku Zikula

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.