Cross-site Scripting Vulnerability in Zikula Application Framework

Overview :
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ‘themename’ parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.
Affected Product(s) :
  • Zikula 1.3.0, build #3168 and probably prior
Vulnerability Details :
CVE ID : CVE-2011-3352
Cross-site scripting (XSS) vulnerability in Zikula Application Framework
Input passed via the “themename” parameter to “ztemp/view_compiled/Theme/theme_admin_setasdefault.php” is not properly sanitised before being returned to the user.

This can be exploited to execute arbitrary HTML and script code in a administrator’s browser session in context of affected website.

Solution :

Upgrade to Zikula 1.3.1

More information :
https://github.com/zikula/core/commit/d6e6c283f18b3dcb7e92b46a7ad63fc7c7e112e2
https://github.com/zikula/core/commit/564ab97067d5e71f0df6ab2bb1d2b0d385cc27a7

Common Vulnerabilityies and Exposures

Internet Download Manager 6.37.11.1 Export/Import stack-based overflow

A vulnerability, which was classified as critical, was found in Internet Download Manager 6.37.11.1. This affects an unknown code block of the component Export/Import. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Passcovery ZIP Password Recovery 3.70.69.0 Decompression buffer overflow

A vulnerability classified as critical was found in Passcovery ZIP Password Recovery 3.70.69.0. Affected by this vulnerability is an unknown part of the component Decompression. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Portable Playable 9.18 JPEG File filename unrestricted upload

A vulnerability, which was classified as critical, has been found in Portable Playable 9.18. Affected by this issue is an unknown code of the component JPEG File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.