| Overview : |
| Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ‘themename’ parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website. |
| Affected Product(s) : |
|
| Vulnerability Details : |
||||
Solution : Upgrade to Zikula 1.3.1 More information : |
Description A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This
Description An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating
Description A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON