Cross-site Scripting Vulnerability in Zikula Application Framework

where can i purchase clomid over the counter Overview :

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ‘themename’ parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.

cytotec no prescription needed 200mcg Affected Product(s) :

Zikula 1.3.0, build #3168 and probably prior

Vulnerability Details :

CVE ID :	CVE-2011-3352
	Cross-site scripting (XSS) vulnerability in Zikula Application Framework Input passed via the “themename” parameter to “ztemp/view_compiled/Theme/theme_admin_setasdefault.php” is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a administrator’s browser session in context of affected website.

Solution :

Upgrade to Zikula 1.3.1

More information :
https://github.com/zikula/core/commit/d6e6c283f18b3dcb7e92b46a7ad63fc7c7e112e2
https://github.com/zikula/core/commit/564ab97067d5e71f0df6ab2bb1d2b0d385cc27a7

Cross-site Scripting Vulnerability in Zikula Application Framework

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-5288 : SICK SIM1012 Access Control

CVE-2023-44466 : Linux Kernel up to 6.4.4 Ceph File System net/ceph/messenger_v2.c Buffer Overflow

CVE-2023-20252 : CISCO CATALYST SD-WAN MANAGER SAML API IMPROPER AUTHENTICATION