
30 vulnerabilities found for zikula_application_framework by zikula

FKIE_CVE-2014-2293

Vulnerability from fkie_nvd - Published: 2018-03-26 18:29 - Updated: 2024-11-21 02:06
Severity ?
Summary
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.
Impacted products
Vendor Product Version
zikula zikula_application_framework *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735940A-7066-4763-9EA8-E3767EB404CC",
              "versionEndIncluding": "1.3.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php."
    },
    {
      "lang": "es",
      "value": "Zikula Application Framework en versiones anteriores a la 1.3.7. build 11 permite a los atacantes remotos realizar ataques de inyecci\u00f3n de objetos PHP y eliminar archivos arbitrarios o ejecutar c\u00f3digo PHP arbitrario mediante datos serializados manipulados en los par\u00e1metros (1) authentication_method_ser o (2) authentication_info_ser en index.php, o el par\u00e1metro (3) zikulaMobileTheme parameter en index.php."
    }
  ],
  "id": "CVE-2014-2293",
  "lastModified": "2024-11-21T02:06:01.250",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-26T18:29:00.300",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://karmainsecurity.com/KIS-2014-02"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91786"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91787"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://karmainsecurity.com/KIS-2014-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-9835

Vulnerability from fkie_nvd - Published: 2016-12-05 08:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.
References
cve@mitre.org | http://www.securityfocus.com/bid/95005 | Third Party Advisory, VDB Entry
cve@mitre.org | https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md | Issue Tracking, Patch, Release Notes, Third Party Advisory
cve@mitre.org | https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md | Issue Tracking, Patch, Release Notes, Third Party Advisory
cve@mitre.org | https://github.com/zikula/core/issues/3237 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95005 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md | Issue Tracking, Patch, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md | Issue Tracking, Patch, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zikula/core/issues/3237 | Issue Tracking, Patch, Third Party Advisory

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "709696F6-E682-44C6-8DEE-1981F9C0830E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC52D44-5BBA-44EC-980F-F7F68FB4308C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37B6DC4-5491-4DAB-AF4B-344D42DF7E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DE0911B-AF9A-4085-9E9A-DB51C0B3AA0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDBB6882-E2E7-4250-9F98-91B934A3B8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC443F28-89CF-4A59-9723-A5EF1DB0D700",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B6B7E2-1813-4E71-93AA-F69914456459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "21DEA14A-1178-4CC1-9F1E-0AFC698B33E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC76EDE1-899B-42B7-85A1-4D620D06EDB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "19E7AD8E-BCC2-4EBD-89F0-31432310640D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E3C032F-051E-41BA-B8DC-A75D27FC1FF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "12C66BB6-6B77-45EE-9CE9-A1153BF31ED7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E9BF4D3-0806-451B-A1FE-CACF4DBD1216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B270D522-9D7C-4BC2-B92B-4FFA1F759C20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CB0107D9-B613-45DA-9620-905F36C497BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1868276F-2E01-483E-AB23-50C3F6CF572D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "78197B79-8175-4995-A9E7-BE5596D983CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "21A8E740-0B8A-4F77-9646-E773B2E7D77A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A66193-AEBC-4E92-AC06-F1393E0E5C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDF0B86-3BC5-4812-A162-44C771D0F0E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D62285E-E96B-4508-A108-CC9A8EFFE315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0F0534BF-6F30-4CE7-AD28-A9664BB37776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0CA8C092-8C79-4AD2-A860-B07C6A497A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1F2B1E2E-8FE8-4F1A-9108-6C8A044FBADA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in file \"jcss.php\" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en el archivo \"jcss.php\" en Zikula 1.3.x en versiones anteriores a 1.3.11 y 1.4.x en versiones anteriores a 1.4.4 en Windows permite a un atacante remoto lanzar una inyecci\u00f3n de objeto PHP cargando un archivo serializado."
    }
  ],
  "id": "CVE-2016-9835",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-05T08:59:02.673",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95005"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zikula/core/issues/3237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zikula/core/issues/3237"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        },
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-6168

Vulnerability from fkie_nvd - Published: 2013-11-14 20:55 - Updated: 2026-04-29 01:13

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D98040D-178B-451E-B0AF-2C33A1249830",
              "versionEndIncluding": "1.3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "709696F6-E682-44C6-8DEE-1981F9C0830E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC52D44-5BBA-44EC-980F-F7F68FB4308C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37B6DC4-5491-4DAB-AF4B-344D42DF7E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DE0911B-AF9A-4085-9E9A-DB51C0B3AA0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDBB6882-E2E7-4250-9F98-91B934A3B8C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Zikula Application Framework anterior a la versi\u00f3n 1.3.6 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del par\u00e1metro returnpage a index.php."
    }
  ],
  "id": "CVE-2013-6168",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-11-14T20:55:05.043",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0057.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3132"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/63186"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88654"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0057.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/63186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88654"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23178"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-3979

Vulnerability from fkie_nvd - Published: 2011-10-04 10:55 - Updated: 2026-04-29 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B01DA7-7EC9-44D0-9A7C-5B8E7CC63591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "709696F6-E682-44C6-8DEE-1981F9C0830E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en ztemp/view_compiled/Theme/theme_admin_setasdefault.php en el modulo del tema Zikula Application Framework v1.3.0 build 3168, v1.2.7, y probablemente otras versiones, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro themename en la acci\u00f3n setasdefault de index.php."
    }
  ],
  "id": "CVE-2011-3979",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-10-04T10:55:11.317",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3075"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/75226"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45884"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8409"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/519565/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/49491"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69644"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.ch/advisory/xss_in_zikula.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/75226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/519565/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/49491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.ch/advisory/xss_in_zikula.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-0911

Vulnerability from fkie_nvd - Published: 2011-02-08 22:00 - Updated: 2026-04-29 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F3EDC0F-1F8B-4F91-BC01-B0EB6C96DF94",
              "versionEndIncluding": "1.2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F1B6758-3E03-412F-84BD-83C8B669F738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB69408-9D6A-475F-BB4B-E5F52465FE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A76E5B1A-8CD3-40E6-B491-81F7D8B8F86A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6EE3D78-D9A4-4CC3-A242-232CA58C6B68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: it is possible that this overlaps CVE-2011-0535."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Users en Zikula anterior a v1.2.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados. NOTA: es posible que esto se superponga a CVE-2011-0535."
    }
  ],
  "id": "CVE-2011-0911",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-08T22:00:02.290",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-0535

Vulnerability from fkie_nvd - Published: 2011-02-08 22:00 - Updated: 2026-04-29 01:13
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.
References
secalert@redhat.com | http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html | Exploit
secalert@redhat.com | http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG
secalert@redhat.com | http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released
secalert@redhat.com | http://openwall.com/lists/oss-security/2011/02/01/1 | Exploit
secalert@redhat.com | http://openwall.com/lists/oss-security/2011/02/03/1 | Exploit
secalert@redhat.com | http://seclists.org/fulldisclosure/2011/Feb/0 | Exploit
secalert@redhat.com | http://secunia.com/advisories/43114 | Vendor Advisory
secalert@redhat.com | http://securityreason.com/securityalert/8067
secalert@redhat.com | http://www.osvdb.org/70751
af854a3a-2127-422b-91ae-364da2661108 | http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG
af854a3a-2127-422b-91ae-364da2661108 | http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/02/01/1 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/02/03/1 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2011/Feb/0 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43114 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8067
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/70751

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F3EDC0F-1F8B-4F91-BC01-B0EB6C96DF94",
              "versionEndIncluding": "1.2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F1B6758-3E03-412F-84BD-83C8B669F738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB69408-9D6A-475F-BB4B-E5F52465FE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A76E5B1A-8CD3-40E6-B491-81F7D8B8F86A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6EE3D78-D9A4-4CC3-A242-232CA58C6B68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el m\u00f3dulo \"Users\" (usuarios) de Zikula en versiones anteriores a la 1.2.5. Permite a atacantes remotos secuestrar (\"hijack\") la autenticaci\u00f3n de administradores para peticiones que cambian los privilegios de cuenta a trav\u00e9s de una acci\u00f3n de edici\u00f3n de \"access_permissions\" de index.php."
    }
  ],
  "id": "CVE-2011-0535",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-08T22:00:01.213",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/01/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/03/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2011/Feb/0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43114"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/8067"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/70751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/03/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2011/Feb/0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/70751"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2010-4729

Vulnerability from fkie_nvd - Published: 2011-02-08 22:00 - Updated: 2026-04-29 01:13
Severity ?
Summary
Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2539E06-1449-41D7-BE2F-8175BEE1C6DD",
              "versionEndIncluding": "1.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F1B6758-3E03-412F-84BD-83C8B669F738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB69408-9D6A-475F-BB4B-E5F52465FE42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions."
    },
    {
      "lang": "es",
      "value": "Zikula en versiones anteriores a la 1.2.3 no utiliza el mecanismo de protecci\u00f3n authid en (1) el formulario lostpassword y (2) en el procesamiento de mailpasswd, lo que facilita a atacantes remotos generar un gran n\u00famero de peticiones de contrase\u00f1a y posiblemente generar ataques de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) a trav\u00e9s de m\u00faltiples env\u00edos de formulario."
    }
  ],
  "id": "CVE-2010-4729",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-08T22:00:00.977",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://code.zikula.org/core/ticket/1979"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.zikula.org/core/ticket/1979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2010-4728

Vulnerability from fkie_nvd - Published: 2011-02-08 22:00 - Updated: 2026-04-29 01:13
Severity ?
Summary
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53BBBEBB-3CBD-4650-91C4-8DD0CE3C6B78",
              "versionEndIncluding": "1.2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F1B6758-3E03-412F-84BD-83C8B669F738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB69408-9D6A-475F-BB4B-E5F52465FE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A76E5B1A-8CD3-40E6-B491-81F7D8B8F86A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6EE3D78-D9A4-4CC3-A242-232CA58C6B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "152E4A65-5432-4CAE-98CE-44CDD48AB6E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism."
    },
    {
      "lang": "es",
      "value": "Zikula en versiones anteriores a la 1.3.1 utiliza las funciones PHP rand y srand para la generaci\u00f3n de n\u00fameros aleatorios, lo que facilita a atacantes remotos evitar los mecanismos de protecci\u00f3n basados en la aleatorizaci\u00f3n prediciendo el valor de retorno, como se ha demostrado con el mecanismo de protecci\u00f3n authid."
    }
  ],
  "id": "CVE-2010-4728",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-02-08T22:00:00.883",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://code.zikula.org/core/ticket/2009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.zikula.org/core/ticket/2009"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2010-1724

Vulnerability from fkie_nvd - Published: 2010-05-06 14:53 - Updated: 2026-04-29 01:13
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.
References
cve@mitre.org http://community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement Vendor Advisory
cve@mitre.org http://osvdb.org/64096
cve@mitre.org http://secunia.com/advisories/39614 Vendor Advisory
cve@mitre.org http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html
cve@mitre.org http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html
cve@mitre.org http://www.osvdb.org/64095
cve@mitre.org http://www.securityfocus.com/archive/1/510988/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/39717
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/58224
af854a3a-2127-422b-91ae-364da2661108 http://community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/64096
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/39614 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html
af854a3a-2127-422b-91ae-364da2661108 http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/64095
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/510988/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/39717
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/58224
Impacted products
Vendor Product Version
zikula zikula_application_framework 1.2.2

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A76E5B1A-8CD3-40E6-B491-81F7D8B8F86A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Zikula Application Framework versi\u00f3n v1.2.2 y anteriores permiten a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n usando el par\u00e1metro (1) func o el par\u00e1metro (2) lang en index.php, que no es manejado adecuadamente por ZLanguage.php."
    }
  ],
  "id": "CVE-2010-1724",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-05-06T14:53:01.420",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/64096"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39614"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/64095"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/510988/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/39717"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/64096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/64095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/510988/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/39717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58224"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2010-1732

Vulnerability from fkie_nvd - Published: 2010-05-06 12:47 - Updated: 2026-04-29 01:13
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action).
Impacted products
Vendor Product Version
zikula zikula_application_framework *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2539E06-1449-41D7-BE2F-8175BEE1C6DD",
              "versionEndIncluding": "1.2.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el m\u00f3dulo users -usuarios- de Zikula Application Framework anterior a v1.2.3, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores en solicitudes que cambian la direcci\u00f3n de correo del administrador (acci\u00f3n updateemail)."
    }
  ],
  "id": "CVE-2010-1732",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-05-06T12:47:23.783",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-2293 (GCVE-0-2014-2293)

Vulnerability from cvelistv5 – Published: 2018-03-26 18:00 – Updated: 2024-08-06 10:06
VLAI?
Summary
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2014-03-10 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:06:00.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "zikula-securityutil-code-exec(91787)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91787"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/"
          },
          {
            "name": "zikula-cve20142293-code-exec(91786)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91786"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://karmainsecurity.com/KIS-2014-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-26T17:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "zikula-securityutil-code-exec(91787)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91787"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/"
        },
        {
          "name": "zikula-cve20142293-code-exec(91786)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91786"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://karmainsecurity.com/KIS-2014-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2293",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "zikula-securityutil-code-exec(91787)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91787"
            },
            {
              "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/",
              "refsource": "MISC",
              "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/"
            },
            {
              "name": "zikula-cve20142293-code-exec(91786)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91786"
            },
            {
              "name": "http://karmainsecurity.com/KIS-2014-02",
              "refsource": "MISC",
              "url": "http://karmainsecurity.com/KIS-2014-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2293",
    "datePublished": "2018-03-26T18:00:00.000Z",
    "dateReserved": "2014-03-06T00:00:00.000Z",
    "dateUpdated": "2024-08-06T10:06:00.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9835 (GCVE-0-2016-9835)

Vulnerability from cvelistv5 – Published: 2016-12-05 08:09 – Updated: 2024-08-06 02:59
Summary
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2016-12-05 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zikula/core/issues/3237"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"
          },
          {
            "name": "95005",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in file \"jcss.php\" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-26T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zikula/core/issues/3237"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"
        },
        {
          "name": "95005",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95005"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9835",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in file \"jcss.php\" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/zikula/core/issues/3237",
              "refsource": "CONFIRM",
              "url": "https://github.com/zikula/core/issues/3237"
            },
            {
              "name": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md",
              "refsource": "CONFIRM",
              "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"
            },
            {
              "name": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md",
              "refsource": "CONFIRM",
              "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"
            },
            {
              "name": "95005",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95005"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9835",
    "datePublished": "2016-12-05T08:09:00.000Z",
    "dateReserved": "2016-12-05T00:00:00.000Z",
    "dateUpdated": "2024-08-06T02:59:03.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6168 (GCVE-0-2013-6168)

Vulnerability from cvelistv5 – Published: 2013-11-14 20:00 – Updated: 2024-08-06 17:29
Summary
Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2013-11-07 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:29:43.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "63186",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/63186"
          },
          {
            "name": "zikulaapplicationframework-unspecified-xss(88654)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88654"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3132"
          },
          {
            "name": "20131113 Cross-Site Scripting (XSS) in Zikula Application Framework",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0057.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23178"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "63186",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/63186"
        },
        {
          "name": "zikulaapplicationframework-unspecified-xss(88654)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88654"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3132"
        },
        {
          "name": "20131113 Cross-Site Scripting (XSS) in Zikula Application Framework",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0057.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23178"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6168",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "63186",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/63186"
            },
            {
              "name": "zikulaapplicationframework-unspecified-xss(88654)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88654"
            },
            {
              "name": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3132",
              "refsource": "CONFIRM",
              "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3132"
            },
            {
              "name": "20131113 Cross-Site Scripting (XSS) in Zikula Application Framework",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0057.html"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23178",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23178"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-6168",
    "datePublished": "2013-11-14T20:00:00.000Z",
    "dateReserved": "2013-10-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T17:29:43.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3979 (GCVE-0-2011-3979)

Vulnerability from cvelistv5 – Published: 2011-10-04 10:00 – Updated: 2024-08-06 23:53
Summary
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://community.zikula.org/index.php?module=News&func=display&sid=3075 x_refsource_CONFIRM
https://www.htbridge.ch/advisory/xss_in_zikula.html x_refsource_MISC
http://www.securityfocus.com/archive/1/519565/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/8409 third-party-advisory, x_refsource_SREASON
https://exchange.xforce.ibmcloud.com/vulnerabilities/69644 vdb-entry, x_refsource_XF
http://secunia.com/advisories/45884 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/49491 vdb-entry, x_refsource_BID
http://osvdb.org/75226 vdb-entry, x_refsource_OSVDB
Date Public ?
2011-09-07 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3075"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.ch/advisory/xss_in_zikula.html"
          },
          {
            "name": "20110907 XSS in Zikula",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/519565/100/0/threaded"
          },
          {
            "name": "8409",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8409"
          },
          {
            "name": "zikulaapplication-index-xss(69644)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69644"
          },
          {
            "name": "45884",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45884"
          },
          {
            "name": "49491",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49491"
          },
          {
            "name": "75226",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/75226"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3075"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.ch/advisory/xss_in_zikula.html"
        },
        {
          "name": "20110907 XSS in Zikula",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/519565/100/0/threaded"
        },
        {
          "name": "8409",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8409"
        },
        {
          "name": "zikulaapplication-index-xss(69644)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69644"
        },
        {
          "name": "45884",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45884"
        },
        {
          "name": "49491",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49491"
        },
        {
          "name": "75226",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/75226"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3979",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3075",
              "refsource": "CONFIRM",
              "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3075"
            },
            {
              "name": "https://www.htbridge.ch/advisory/xss_in_zikula.html",
              "refsource": "MISC",
              "url": "https://www.htbridge.ch/advisory/xss_in_zikula.html"
            },
            {
              "name": "20110907 XSS in Zikula",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/519565/100/0/threaded"
            },
            {
              "name": "8409",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8409"
            },
            {
              "name": "zikulaapplication-index-xss(69644)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69644"
            },
            {
              "name": "45884",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45884"
            },
            {
              "name": "49491",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49491"
            },
            {
              "name": "75226",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/75226"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3979",
    "datePublished": "2011-10-04T10:00:00.000Z",
    "dateReserved": "2011-10-03T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:53:32.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-4729 (GCVE-0-2010-4729)

Vulnerability from cvelistv5 – Published: 2011-02-08 21:00 – Updated: 2024-09-16 19:25
Summary
Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:55:35.102Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.zikula.org/core/ticket/1979"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-02-08T21:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.zikula.org/core/ticket/1979"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4729",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://code.zikula.org/core/ticket/1979",
              "refsource": "CONFIRM",
              "url": "http://code.zikula.org/core/ticket/1979"
            },
            {
              "name": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG",
              "refsource": "CONFIRM",
              "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4729",
    "datePublished": "2011-02-08T21:00:00.000Z",
    "dateReserved": "2011-02-08T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:25:01.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-4728 (GCVE-0-2010-4728)

Vulnerability from cvelistv5 – Published: 2011-02-08 21:00 – Updated: 2024-09-17 03:43
Summary
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:55:35.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.zikula.org/core/ticket/2009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-02-08T21:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.zikula.org/core/ticket/2009"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4728",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://code.zikula.org/core/ticket/2009",
              "refsource": "CONFIRM",
              "url": "http://code.zikula.org/core/ticket/2009"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4728",
    "datePublished": "2011-02-08T21:00:00.000Z",
    "dateReserved": "2011-02-08T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:43:12.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0535 (GCVE-0-2011-0535)

Vulnerability from cvelistv5 – Published: 2011-02-08 21:00 – Updated: 2024-08-06 21:58
Summary
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Date Public ?
2011-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:58:25.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110203 Re: CVE Request: Zikula CMS 1.2.4 \u003c= Cross Site Request Forgery (CSRF) Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/02/03/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
          },
          {
            "name": "70751",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/70751"
          },
          {
            "name": "43114",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43114"
          },
          {
            "name": "8067",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8067"
          },
          {
            "name": "[oss-security] 20110201 CVE Request: Zikula CMS 1.2.4 \u003c= Cross Site Request Forgery (CSRF) Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/02/01/1"
          },
          {
            "name": "20110201 Zikula CMS 1.2.4 \u003c= Cross Site Request Forgery (CSRF) Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2011/Feb/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-22T09:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20110203 Re: CVE Request: Zikula CMS 1.2.4 \u003c= Cross Site Request Forgery (CSRF) Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/02/03/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
        },
        {
          "name": "70751",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/70751"
        },
        {
          "name": "43114",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43114"
        },
        {
          "name": "8067",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8067"
        },
        {
          "name": "[oss-security] 20110201 CVE Request: Zikula CMS 1.2.4 \u003c= Cross Site Request Forgery (CSRF) Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/02/01/1"
        },
        {
          "name": "20110201 Zikula CMS 1.2.4 \u003c= Cross Site Request Forgery (CSRF) Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2011/Feb/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-0535",
    "datePublished": "2011-02-08T21:00:00.000Z",
    "dateReserved": "2011-01-20T00:00:00.000Z",
    "dateUpdated": "2024-08-06T21:58:25.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0911 (GCVE-0-2011-0911)

Vulnerability from cvelistv5 – Published: 2011-02-08 21:00 – Updated: 2024-09-16 19:40
Summary
Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535.
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:05:54.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: it is possible that this overlaps CVE-2011-0535."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-02-08T21:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0911",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: it is possible that this overlaps CVE-2011-0535."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released",
              "refsource": "CONFIRM",
              "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0911",
    "datePublished": "2011-02-08T21:00:00.000Z",
    "dateReserved": "2011-02-08T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:40:10.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1732 (GCVE-0-2010-1732)

Vulnerability from cvelistv5 – Published: 2010-05-05 18:00 – Updated: 2024-09-16 17:37
Summary
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action).
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:53.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-05-05T18:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1732",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html",
              "refsource": "MISC",
              "url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html"
            },
            {
              "name": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement",
              "refsource": "CONFIRM",
              "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1732",
    "datePublished": "2010-05-05T18:00:00.000Z",
    "dateReserved": "2010-05-05T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:37:49.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1724 (GCVE-0-2010-1724)

Vulnerability from cvelistv5 – Published: 2010-05-05 14:00 – Updated: 2024-08-07 01:35
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Date Public ?
2010-04-27 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:53.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "64095",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/64095"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html"
          },
          {
            "name": "39717",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/39717"
          },
          {
            "name": "39614",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39614"
          },
          {
            "name": "zikula-index-xss(58224)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58224"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
          },
          {
            "name": "20100427 XSS vulnerability in Zikula Application Framework",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/510988/100/0/threaded"
          },
          {
            "name": "64096",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/64096"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-04-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "64095",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/64095"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html"
        },
        {
          "name": "39717",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/39717"
        },
        {
          "name": "39614",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39614"
        },
        {
          "name": "zikula-index-xss(58224)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58224"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
        },
        {
          "name": "20100427 XSS vulnerability in Zikula Application Framework",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/510988/100/0/threaded"
        },
        {
          "name": "64096",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/64096"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1724",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "64095",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/64095"
            },
            {
              "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html",
              "refsource": "MISC",
              "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html"
            },
            {
              "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html",
              "refsource": "MISC",
              "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html"
            },
            {
              "name": "39717",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/39717"
            },
            {
              "name": "39614",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39614"
            },
            {
              "name": "zikula-index-xss(58224)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58224"
            },
            {
              "name": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement",
              "refsource": "CONFIRM",
              "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
            },
            {
              "name": "20100427 XSS vulnerability in Zikula Application Framework",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/510988/100/0/threaded"
            },
            {
              "name": "64096",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/64096"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1724",
    "datePublished": "2010-05-05T14:00:00.000Z",
    "dateReserved": "2010-05-05T00:00:00.000Z",
    "dateUpdated": "2024-08-07T01:35:53.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2293 (GCVE-0-2014-2293)

Vulnerability from nvd – Published: 2018-03-26 18:00 – Updated: 2024-08-06 10:06
Summary
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Date Public ?
2014-03-10 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:06:00.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "zikula-securityutil-code-exec(91787)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91787"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/"
          },
          {
            "name": "zikula-cve20142293-code-exec(91786)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91786"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://karmainsecurity.com/KIS-2014-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-26T17:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "zikula-securityutil-code-exec(91787)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91787"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/"
        },
        {
          "name": "zikula-cve20142293-code-exec(91786)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91786"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://karmainsecurity.com/KIS-2014-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2293",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "zikula-securityutil-code-exec(91787)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91787"
            },
            {
              "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/",
              "refsource": "MISC",
              "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/"
            },
            {
              "name": "zikula-cve20142293-code-exec(91786)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91786"
            },
            {
              "name": "http://karmainsecurity.com/KIS-2014-02",
              "refsource": "MISC",
              "url": "http://karmainsecurity.com/KIS-2014-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2293",
    "datePublished": "2018-03-26T18:00:00.000Z",
    "dateReserved": "2014-03-06T00:00:00.000Z",
    "dateUpdated": "2024-08-06T10:06:00.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9835 (GCVE-0-2016-9835)

Vulnerability from nvd – Published: 2016-12-05 08:09 – Updated: 2024-08-06 02:59
Summary
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2016-12-05 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zikula/core/issues/3237"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"
          },
          {
            "name": "95005",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in file \"jcss.php\" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-26T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zikula/core/issues/3237"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"
        },
        {
          "name": "95005",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95005"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9835",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in file \"jcss.php\" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/zikula/core/issues/3237",
              "refsource": "CONFIRM",
              "url": "https://github.com/zikula/core/issues/3237"
            },
            {
              "name": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md",
              "refsource": "CONFIRM",
              "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"
            },
            {
              "name": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md",
              "refsource": "CONFIRM",
              "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"
            },
            {
              "name": "95005",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95005"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9835",
    "datePublished": "2016-12-05T08:09:00.000Z",
    "dateReserved": "2016-12-05T00:00:00.000Z",
    "dateUpdated": "2024-08-06T02:59:03.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6168 (GCVE-0-2013-6168)

Vulnerability from nvd – Published: 2013-11-14 20:00 – Updated: 2024-08-06 17:29
Summary
Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2013-11-07 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:29:43.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "63186",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/63186"
          },
          {
            "name": "zikulaapplicationframework-unspecified-xss(88654)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88654"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3132"
          },
          {
            "name": "20131113 Cross-Site Scripting (XSS) in Zikula Application Framework",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0057.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23178"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "63186",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/63186"
        },
        {
          "name": "zikulaapplicationframework-unspecified-xss(88654)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88654"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3132"
        },
        {
          "name": "20131113 Cross-Site Scripting (XSS) in Zikula Application Framework",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0057.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23178"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6168",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "63186",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/63186"
            },
            {
              "name": "zikulaapplicationframework-unspecified-xss(88654)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88654"
            },
            {
              "name": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3132",
              "refsource": "CONFIRM",
              "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3132"
            },
            {
              "name": "20131113 Cross-Site Scripting (XSS) in Zikula Application Framework",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0057.html"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23178",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23178"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-6168",
    "datePublished": "2013-11-14T20:00:00.000Z",
    "dateReserved": "2013-10-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T17:29:43.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3979 (GCVE-0-2011-3979)

Vulnerability from nvd – Published: 2011-10-04 10:00 – Updated: 2024-08-06 23:53
Summary
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://community.zikula.org/index.php?module=News&func=display&sid=3075 x_refsource_CONFIRM
https://www.htbridge.ch/advisory/xss_in_zikula.html x_refsource_MISC
http://www.securityfocus.com/archive/1/519565/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/8409 third-party-advisory, x_refsource_SREASON
https://exchange.xforce.ibmcloud.com/vulnerabilities/69644 vdb-entry, x_refsource_XF
http://secunia.com/advisories/45884 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/49491 vdb-entry, x_refsource_BID
http://osvdb.org/75226 vdb-entry, x_refsource_OSVDB
Date Public ?
2011-09-07 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3075"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.ch/advisory/xss_in_zikula.html"
          },
          {
            "name": "20110907 XSS in Zikula",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/519565/100/0/threaded"
          },
          {
            "name": "8409",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8409"
          },
          {
            "name": "zikulaapplication-index-xss(69644)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69644"
          },
          {
            "name": "45884",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45884"
          },
          {
            "name": "49491",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49491"
          },
          {
            "name": "75226",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/75226"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3075"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.ch/advisory/xss_in_zikula.html"
        },
        {
          "name": "20110907 XSS in Zikula",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/519565/100/0/threaded"
        },
        {
          "name": "8409",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8409"
        },
        {
          "name": "zikulaapplication-index-xss(69644)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69644"
        },
        {
          "name": "45884",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45884"
        },
        {
          "name": "49491",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49491"
        },
        {
          "name": "75226",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/75226"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3979",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3075",
              "refsource": "CONFIRM",
              "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3075"
            },
            {
              "name": "https://www.htbridge.ch/advisory/xss_in_zikula.html",
              "refsource": "MISC",
              "url": "https://www.htbridge.ch/advisory/xss_in_zikula.html"
            },
            {
              "name": "20110907 XSS in Zikula",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/519565/100/0/threaded"
            },
            {
              "name": "8409",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8409"
            },
            {
              "name": "zikulaapplication-index-xss(69644)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69644"
            },
            {
              "name": "45884",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45884"
            },
            {
              "name": "49491",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49491"
            },
            {
              "name": "75226",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/75226"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3979",
    "datePublished": "2011-10-04T10:00:00.000Z",
    "dateReserved": "2011-10-03T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:53:32.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0911 (GCVE-0-2011-0911)

Vulnerability from nvd – Published: 2011-02-08 21:00 – Updated: 2024-09-16 19:40
Summary
Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:05:54.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: it is possible that this overlaps CVE-2011-0535."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-02-08T21:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0911",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: it is possible that this overlaps CVE-2011-0535."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released",
              "refsource": "CONFIRM",
              "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0911",
    "datePublished": "2011-02-08T21:00:00.000Z",
    "dateReserved": "2011-02-08T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:40:10.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0535 (GCVE-0-2011-0535)

Vulnerability from nvd – Published: 2011-02-08 21:00 – Updated: 2024-08-06 21:58
Summary
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2011-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:58:25.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110203 Re: CVE Request: Zikula CMS 1.2.4 \u003c= Cross Site Request Forgery (CSRF) Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/02/03/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
          },
          {
            "name": "70751",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/70751"
          },
          {
            "name": "43114",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43114"
          },
          {
            "name": "8067",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8067"
          },
          {
            "name": "[oss-security] 20110201 CVE Request: Zikula CMS 1.2.4 \u003c= Cross Site Request Forgery (CSRF) Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/02/01/1"
          },
          {
            "name": "20110201 Zikula CMS 1.2.4 \u003c= Cross Site Request Forgery (CSRF) Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2011/Feb/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-22T09:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20110203 Re: CVE Request: Zikula CMS 1.2.4 \u003c= Cross Site Request Forgery (CSRF) Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/02/03/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3041\u0026title=zikula-1.2.5-released"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
        },
        {
          "name": "70751",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/70751"
        },
        {
          "name": "43114",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43114"
        },
        {
          "name": "8067",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8067"
        },
        {
          "name": "[oss-security] 20110201 CVE Request: Zikula CMS 1.2.4 \u003c= Cross Site Request Forgery (CSRF) Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/02/01/1"
        },
        {
          "name": "20110201 Zikula CMS 1.2.4 \u003c= Cross Site Request Forgery (CSRF) Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2011/Feb/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-0535",
    "datePublished": "2011-02-08T21:00:00.000Z",
    "dateReserved": "2011-01-20T00:00:00.000Z",
    "dateUpdated": "2024-08-06T21:58:25.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-4729 (GCVE-0-2010-4729)

Vulnerability from nvd – Published: 2011-02-08 21:00 – Updated: 2024-09-16 19:25
Summary
Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:55:35.102Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.zikula.org/core/ticket/1979"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-02-08T21:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.zikula.org/core/ticket/1979"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4729",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://code.zikula.org/core/ticket/1979",
              "refsource": "CONFIRM",
              "url": "http://code.zikula.org/core/ticket/1979"
            },
            {
              "name": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG",
              "refsource": "CONFIRM",
              "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4729",
    "datePublished": "2011-02-08T21:00:00.000Z",
    "dateReserved": "2011-02-08T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:25:01.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-4728 (GCVE-0-2010-4728)

Vulnerability from nvd – Published: 2011-02-08 21:00 – Updated: 2024-09-17 03:43
Summary
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:55:35.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.zikula.org/core/ticket/2009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-02-08T21:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.zikula.org/core/ticket/2009"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4728",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://code.zikula.org/core/ticket/2009",
              "refsource": "CONFIRM",
              "url": "http://code.zikula.org/core/ticket/2009"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4728",
    "datePublished": "2011-02-08T21:00:00.000Z",
    "dateReserved": "2011-02-08T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:43:12.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1724 (GCVE-0-2010-1724)

Vulnerability from nvd – Published: 2010-05-05 14:00 – Updated: 2024-08-07 01:35
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2010-04-27 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:53.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "64095",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/64095"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html"
          },
          {
            "name": "39717",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/39717"
          },
          {
            "name": "39614",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39614"
          },
          {
            "name": "zikula-index-xss(58224)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58224"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
          },
          {
            "name": "20100427 XSS vulnerability in Zikula Application Framework",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/510988/100/0/threaded"
          },
          {
            "name": "64096",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/64096"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-04-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "64095",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/64095"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html"
        },
        {
          "name": "39717",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/39717"
        },
        {
          "name": "39614",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39614"
        },
        {
          "name": "zikula-index-xss(58224)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58224"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
        },
        {
          "name": "20100427 XSS vulnerability in Zikula Application Framework",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/510988/100/0/threaded"
        },
        {
          "name": "64096",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/64096"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1724",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "64095",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/64095"
            },
            {
              "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html",
              "refsource": "MISC",
              "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html"
            },
            {
              "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html",
              "refsource": "MISC",
              "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html"
            },
            {
              "name": "39717",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/39717"
            },
            {
              "name": "39614",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39614"
            },
            {
              "name": "zikula-index-xss(58224)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58224"
            },
            {
              "name": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement",
              "refsource": "CONFIRM",
              "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
            },
            {
              "name": "20100427 XSS vulnerability in Zikula Application Framework",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/510988/100/0/threaded"
            },
            {
              "name": "64096",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/64096"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1724",
    "datePublished": "2010-05-05T14:00:00.000Z",
    "dateReserved": "2010-05-05T00:00:00.000Z",
    "dateUpdated": "2024-08-07T01:35:53.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1732 (GCVE-0-2010-1732)

Vulnerability from nvd – Published: 2010-05-05 18:00 – Updated: 2024-09-16 17:37
Summary
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action).
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:53.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-05-05T18:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1732",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html",
              "refsource": "MISC",
              "url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html"
            },
            {
              "name": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement",
              "refsource": "CONFIRM",
              "url": "http://community.zikula.org/index.php?module=News\u0026func=display\u0026sid=3012\u0026title=zikula-1.2.3-release-announcement"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1732",
    "datePublished": "2010-05-05T18:00:00.000Z",
    "dateReserved": "2010-05-05T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:37:49.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}