CVE ID : CVE-2011-3352

Cross-site scripting (XSS) vulnerability in Zikula Application Framework

Input passed via the “themename” parameter to “ztemp/view_compiled/Theme/theme_admin_setasdefault.php” is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrator’s browser session in the context of the affected website.

Solution : Upgrade to Zikula 1.3.1

More information :
https://github.com/zikula/core/commit/d6e6c283f18b3dcb7e92b46a7ad63fc7c7e112e2
https://github.com/zikula/core/commit/564ab97067d5e71f0df6ab2bb1d2b0d385cc27a7