VYPR
Unrated severity · NVD Advisory · Published Nov 19, 2019 · Updated Aug 6, 2024

CVE-2011-3352

Description

Zikula 1.3.0 build #3168, and probably prior versions, has an XSS flaw caused by improper sanitization of the 'themename' parameter in the actions for setting the default theme and for modifying and deleting themes. A remote attacker with Zikula administrator privileges could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.

Affected products

2
  • Zikula/Zikula (llm-fuzzy), 2 versions: <= 1.3.0 build #3168 + 1 more
    • (no CPE) range: <= 1.3.0 build #3168
    • (no CPE) range: 1.3.0 build #3168 and probably prior
