Vulnerability Description
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zikula | Zikula Application Framework | 1.2.7 |
Related Weaknesses (CWE)
References
- http://community.zikula.org/index.php?module=News&func=display&sid=3075 (Patch)
- http://osvdb.org/75226
- http://secunia.com/advisories/45884 (Vendor Advisory)
- http://securityreason.com/securityalert/8409
- http://www.securityfocus.com/archive/1/519565/100/0/threaded
- http://www.securityfocus.com/bid/49491 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69644
- https://www.htbridge.ch/advisory/xss_in_zikula.html (Exploit)
FAQ
What is CVE-2011-3979?
CVE-2011-3979 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versi...
How severe is CVE-2011-3979?
CVE-2011-3979 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3979?
Check the references section above for vendor advisories and patch information. Affected products include: Zikula Zikula Application Framework.