CVE List

CVE-2011-3352

Moderate 4.8

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.

Published November 20, 2019.

Affected software

Get alerts for Ziku Zikula

Reference links