Cross-site Scripting Vulnerability in Zikula Application Framework - Prophaze

Cross-site Scripting Vulnerability in Zikula Application Framework

Overview :

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ‘themename’ parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.

Affected Product(s) :

Zikula 1.3.0, build #3168 and probably prior

Vulnerability Details :

CVE ID :	CVE-2011-3352
	Cross-site scripting (XSS) vulnerability in Zikula Application Framework Input passed via the “themename” parameter to “ztemp/view_compiled/Theme/theme_admin_setasdefault.php” is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a administrator’s browser session in context of affected website.

Solution :

Upgrade to Zikula 1.3.1

More information :
https://github.com/zikula/core/commit/d6e6c283f18b3dcb7e92b46a7ad63fc7c7e112e2
https://github.com/zikula/core/commit/564ab97067d5e71f0df6ab2bb1d2b0d385cc27a7

Contact us to get started

CVE-2025-23208 : ZOT UP TO 2.1.1 API SETUSERGROUPS PRIVILEGES MANAGEMENT

CVE-2025-23208 : ZOT UP TO 2.1.1 API SETUSERGROUPS PRIVILEGES MANAGEMENT

Description zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db)

CVE-2024-12867 : ARCTIC SECURITY ARCTIC HUB UP TO 5.5.1872 CONFIGURATION SERVER-SIDE REQUEST FORGERY

CVE-2024-12867 : ARCTIC SECURITY ARCTIC HUB UP TO 5.5.1872 CONFIGURATION SERVER-SIDE REQUEST FORGERY

Description Server-Side Request Forgery in URL Mapper in Arctic Security’s Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to

CVE-2024-12840 : RED HAT SATELLITE HTTP PROXY SERVER-SIDE REQUEST FORGERY

CVE-2024-12840 : RED HAT SATELLITE HTTP PROXY SERVER-SIDE REQUEST FORGERY

Description A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with

img:is([sizes="auto" i],[sizes^="auto," i]){contain-intrinsic-size:3000px 1500px;}.wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em;}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none;}:root{--wp--preset--aspect-ratio--square:1;--wp--preset--aspect-ratio--4-3:4/3;--wp--preset--aspect-ratio--3-4:3/4;--wp--preset--aspect-ratio--3-2:3/2;--wp--preset--aspect-ratio--2-3:2/3;--wp--preset--aspect-ratio--16-9:16/9;--wp--preset--aspect-ratio--9-16:9/16;--wp--preset--color--black:#000;--wp--preset--color--cyan-bluish-gray:#abb8c3;--wp--preset--color--white:#fff;--wp--preset--color--pale-pink:#f78da7;--wp--preset--color--vivid-red:#cf2e2e;--wp--preset--color--luminous-vivid-orange:#ff6900;--wp--preset--color--luminous-vivid-amber:#fcb900;--wp--preset--color--light-green-cyan:#7bdcb5;--wp--preset--color--vivid-green-cyan:#00d084;--wp--preset--color--pale-cyan-blue:#8ed1fc;--wp--preset--color--vivid-cyan-blue:#0693e3;--wp--preset--color--vivid-purple:#9b51e0;--wp--preset--color--pink:#ff3467;--wp--preset--color--blue:#2550de;--wp--preset--color--light-blue:#287ac7;--wp--preset--color--dark-blue:#353f58;--wp--preset--color--silver:#656970;--wp--preset--color--clouds:#f7fbff;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple:linear-gradient(135deg,rgba(6,147,227,1) 0%,#9b51e0 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan:linear-gradient(135deg,#7adcb4 0%,#00d082 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange:linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red:linear-gradient(135deg,rgba(255,105,0,1) 0%,#cf2e2e 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray:linear-gradient(135deg,#eee 0%,#a9b8c3 100%);--wp--preset--gradient--cool-to-warm-spectrum:linear-gradient(135deg,#4aeadc 0%,#9778d1 20%,#cf2aba 40%,#ee2c82 60%,#fb6962 80%,#fef84c 100%);--wp--preset--gradient--blush-light-purple:linear-gradient(135deg,#ffceec 0%,#9896f0 100%);--wp--preset--gradient--blush-bordeaux:linear-gradient(135deg,#fecda5 0%,#fe2d2d 50%,#6b003e 100%);--wp--preset--gradient--luminous-dusk:linear-gradient(135deg,#ffcb70 0%,#c751c0 50%,#4158d0 100%);--wp--preset--gradient--pale-ocean:linear-gradient(135deg,#fff5cb 0%,#b6e3d4 50%,#33a7b5 100%);--wp--preset--gradient--electric-grass:linear-gradient(135deg,#caf880 0%,#71ce7e 100%);--wp--preset--gradient--midnight:linear-gradient(135deg,#020381 0%,#2874fc 100%);--wp--preset--font-size--small:13px;--wp--preset--font-size--medium:20px;--wp--preset--font-size--large:36px;--wp--preset--font-size--x-large:42px;--wp--preset--spacing--20:.44rem;--wp--preset--spacing--30:.67rem;--wp--preset--spacing--40:1rem;--wp--preset--spacing--50:1.5rem;--wp--preset--spacing--60:2.25rem;--wp--preset--spacing--70:3.38rem;--wp--preset--spacing--80:5.06rem;--wp--preset--shadow--natural:6px 6px 9px rgba(0,0,0,.2);--wp--preset--shadow--deep:12px 12px 50px rgba(0,0,0,.4);--wp--preset--shadow--sharp:6px 6px 0px rgba(0,0,0,.2);--wp--preset--shadow--outlined:6px 6px 0px -3px rgba(255,255,255,1),6px 6px rgba(0,0,0,1);--wp--preset--shadow--crisp:6px 6px 0px rgba(0,0,0,1);}:where(.is-layout-flex){gap:.5em;}:where(.is-layout-grid){gap:.5em;}body .is-layout-flex{display:flex;}.is-layout-flex{flex-wrap:wrap;align-items:center;}.is-layout-flex > :is(*,div){margin:0;}body .is-layout-grid{display:grid;}.is-layout-grid > :is(*,div){margin:0;}:where(.wp-block-columns.is-layout-flex){gap:2em;}:where(.wp-block-columns.is-layout-grid){gap:2em;}:where(.wp-block-post-template.is-layout-flex){gap:1.25em;}:where(.wp-block-post-template.is-layout-grid){gap:1.25em;}.has-black-color{color:var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color:var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color:var(--wp--preset--color--white) !important;}.has-pale-pink-color{color:var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color:var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color:var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color:var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color:var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color:var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color:var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color:var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color:var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color:var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color:var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color:var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color:var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color:var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color:var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color:var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color:var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color:var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color:var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color:var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color:var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color:var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color:var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color:var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color:var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color:var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color:var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color:var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color:var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color:var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color:var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color:var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color:var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background:var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background:var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background:var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background:var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background:var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background:var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background:var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background:var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background:var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background:var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background:var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background:var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size:var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size:var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size:var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size:var(--wp--preset--font-size--x-large) !important;}:where(.wp-block-post-template.is-layout-flex){gap:1.25em;}:where(.wp-block-post-template.is-layout-grid){gap:1.25em;}:where(.wp-block-columns.is-layout-flex){gap:2em;}:where(.wp-block-columns.is-layout-grid){gap:2em;}:root :where(.wp-block-pullquote){font-size:1.5em;line-height:1.6;}.e-con.e-parent:nth-of-type(n+4):not(.e-lazyloaded):not(.e-no-lazyload),.e-con.e-parent:nth-of-type(n+4):not(.e-lazyloaded):not(.e-no-lazyload) *{background-image:none !important;}@media screen and (max-height: 1024px){.e-con.e-parent:nth-of-type(n+3):not(.e-lazyloaded):not(.e-no-lazyload),.e-con.e-parent:nth-of-type(n+3):not(.e-lazyloaded):not(.e-no-lazyload) *{background-image:none !important;}.e-con.e-parent:nth-of-type(n+3):not(.e-lazyloaded):not(.e-no-lazyload).nitro-lazy,.e-con.e-parent:nth-of-type(n+3):not(.e-lazyloaded):not(.e-no-lazyload) *.nitro-lazy{background-image:none !important;}}@media screen and (max-height: 640px){.e-con.e-parent:nth-of-type(n+2):not(.e-lazyloaded):not(.e-no-lazyload),.e-con.e-parent:nth-of-type(n+2):not(.e-lazyloaded):not(.e-no-lazyload) *{background-image:none !important;}.e-con.e-parent:nth-of-type(n+2):not(.e-lazyloaded):not(.e-no-lazyload).nitro-lazy,.e-con.e-parent:nth-of-type(n+2):not(.e-lazyloaded):not(.e-no-lazyload) *.nitro-lazy{background-image:none !important;}}.e-con.e-parent:nth-of-type(n+4):not(.e-lazyloaded):not(.e-no-lazyload).nitro-lazy,.e-con.e-parent:nth-of-type(n+4):not(.e-lazyloaded):not(.e-no-lazyload) *.nitro-lazy{background-image:none !important;}body.custom-background{background-color:#fff;}@media (min-width: 992px){.nav__flex-parent{height:90px;}.nav{min-height:90px;}.nav__menu > li > a{line-height:90px;}.nav--sticky.sticky .nav__flex-parent{height:68px;}.nav--sticky.sticky .nav__menu > li > a{line-height:68px;color:#656970;}.nav__menu > li{padding-left:12px;padding-right:12px;}.nav--default{background-color:rgba(255,255,255,0);}.nav--default .nav__menu > li > a{color:#000;}.nav--default .nav__dropdown-menu,.nav--default .nav__menu > .nav__dropdown > .nav__dropdown-menu:before{background-color:#001b70;}.nav--default .nav__dropdown-menu > li > a{color:#fff;}.nav--default .nav__dropdown-menu > li > a:hover,.nav--default .nav__dropdown-menu > li > a:focus{color:#5579fd;}.nav--sticky.sticky{background-color:rgba(255,255,255,1);}.nav--sticky.sticky .nav__menu > li > a:hover,.nav--sticky.sticky .nav__menu > li.active > a,.nav--sticky.sticky .nav__menu > .current_page_parent > a,.nav--sticky.sticky .nav__menu .current-menu-item > a{color:#1e73be;}.nav--transparent{background-color:rgba(255,255,255,0);}.nav--transparent .nav__menu > li > a{color:#fff;}.nav--transparent .nav__menu > li > a:hover,.nav--transparent .nav__menu > li > a:focus .nav--transparent .nav__menu > li.active > a,.nav--transparent .nav__menu > .current_page_parent > a{color:#fff;}.nav--transparent .nav__dropdown-menu,.nav--transparent .nav__menu > .nav__dropdown > .nav__dropdown-menu:before{background-color:#fff;}.nav--transparent .nav__dropdown-menu > li:not(.current-menu-item) > a{color:#656970;}.nav--transparent .nav__dropdown-menu > li > a:hover,.nav--transparent .nav__dropdown-menu > li > a:focus{color:#2550de;}}@media (max-width: 991px){.nav__header{height:60px;}.nav{min-height:60px;background-color:#fff;}.nav__menu > li > a{color:#353f58;}.nav__menu li a{border-bottom-color:rgba(231,234,240,1);}}.nav__header .logo{max-height:60px;}.nav--sticky.sticky .nav__header .logo{max-height:48px;}.page-title{padding-top:90px;padding-bottom:115px;background-color:#fff;}a,.loader,.highlight,.comment-edit-link,.footer .widget.widget_calendar a,.widget_rss .rsswidget:hover,.widget_recent_entries a:hover,.widget_recent_comments a:hover,.widget_nav_menu a:hover,.widget_archive a:hover,.widget_pages a:hover,.widget_categories a:hover,.widget_meta a:hover,.footer__nav-menu li a:hover,.footer__widgets .widget a:hover,.copyright a:hover,.copyright a:focus,.link-underline:hover,.link-underline:focus,.case-study__category:hover,.case-study__category:focus{color:#0c8ff8;}.btn,.btn--color,button,input[type="button"],input[type="reset"],input[type="submit"],.button,.btn--button:focus,.btn:hover,.elementor-widget-button .elementor-button,a.cc-btn.cc-dismiss,.mc4wp-form-fields input[type=submit]:focus,.post-password-form label + input,#back-to-top:hover,.widget_tag_cloud a:hover,.entry__tags a:hover,.page-numbers.current,.pagination a:hover,.link-underline:after,.project-filter a.active,.project-filter a:hover,.project-filter a:focus{background-color:#0c8ff8;}input:focus,textarea:focus{border-color:#1f1ddb;}.elementor-widget-tabs .elementor-tab-title.elementor-active{border-top-color:#0c8ff8;}.blog-section,.archive-section,.search-results-section{background-color:#fff;}.nav--default .nav__menu > li > a:hover,.nav--default .nav__menu > li > a:focus,.nav--default .nav__menu > li.active > a,.nav--default .nav__menu > .current_page_parent > a,.nav--default .nav__menu .current-menu-item > a{color:#1e73be;}.nav--default .nav__btn{background-color:#001b70;color:#fff;}.nav--default .nav__btn:hover,.nav--default .nav__btn:focus{background-color:#d11c46;}.nav--sticky.sticky .nav__btn{background-color:#001b70;color:#fff;}.nav--transparent .nav__btn{background-color:#ff3467;color:#fff;}.nav--transparent .nav__btn:hover,.nav--default .nav__btn:focus{background-color:#81d742;}.nav__icon-toggle-bar{background-color:#282e38;}.page-title__title{color:#353f58;}.page-title__subtitle{color:#656970;}.breadcrumbs-wrap{background-color:#f7fbff;}.breadcrumbs a{color:#353f58;}.breadcrumbs__separator{color:#656970;}.breadcrumbs > span{color:#656970;}.entry__article p a,.entry__article li:not(.wp-social-link) a{color:#000;}.entry__meta li,.entry__meta a,.comment-date{color:#fff;}h1,h2,h3,h4,h5,h6{color:#353f58;}body,.deo-newsletter-gdpr-checkbox__label,figcaption,.comment-form-cookies-consent label,.pagination span,.pagination a{color:#656970;}.elementor-widget-wp-widget-recent-posts a,.widget_recent_entries a,.elementor-widget-wp-widget-nav_menu a,.widget_nav_menu a,.elementor-widget-wp-widget-categories a,.widget_categories a,.elementor-widget-wp-widget-pages a,.widget_pages a,.elementor-widget-wp-widget-pages-archives a,.widget_archive a,.elementor-widget-wp-widget-meta a,.widget_meta a{color:#656970;}.footer{background-color:#032747;}.footer__bottom,.footer{border-color:#fff;}.footer .widget-title{color:#000;}.footer,.footer .social,.footer__nav-menu li a,.footer .widget_recent_entries a,.footer .widget_nav_menu a,.footer .widget_categories a,.footer .widget_pages a,.footer .widget_archive a,.footer .widget_meta a{color:#fff;}.copyright,.copyright a{color:#fff;}.footer__col-2 > .widget:first-child .widget-title{color:#46d19b;}.footer__col-2 > .widget:last-child .widget-title{color:#fff;}.footer__col-3 > .widget:first-child .widget-title{color:#fff;}.footer__col-3 > .widget:last-child .widget-title{color:#f38e26;}.cc-window{background-color:#114a9a;}.cc-message{color:#fff;}.cc-link,.cc-link:active,.cc-link:visited,.cc-link:hover,.cc-link:focus{color:#fff;}a.cc-btn.cc-dismiss{background-color:#3f890b;color:#fff;}h1,.h1{font-family:Rubik;font-size:38px;font-weight:500;letter-spacing:-.05em;line-height:1.3;}h2,.h2{font-family:Rubik;font-size:32px;font-weight:500;letter-spacing:-.05em;line-height:1.3;}h3,.h3{font-family:Lato;}h4,.h4{font-family:Rubik;font-size:24px;font-weight:500;letter-spacing:-.05em;line-height:1.3;}h5,.h5{font-family:Rubik;font-size:20px;font-weight:500;letter-spacing:-.05em;line-height:1.3;}h6,.elementor-widget-tabs .elementor-tab-title,.elementor-accordion .elementor-tab-title{font-family:Rubik;font-size:16px;font-weight:500;letter-spacing:-.05em;line-height:1.3;}body,input{font-size:15px;}.entry__article{font-size:1.125rem;line-height:1.8;}.nav__menu li a{font-size:16px;}