Cross-Site Scripting (XSS) Vulnerability in Zikula 1.3.0 Build #3168 and Prior

Cross-Site Scripting (XSS) Vulnerability in Zikula 1.3.0 Build #3168 and Prior

CVE-2011-3352 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.

Learn more about our Web App Pen Testing.