← volver
CVE-2010-1724

CVE-2010-1724

EPSS 4.1%
Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.
Productos afectados
n/a · n/a
PoCs públicas encontradas2
exploitdbwww.exploit-db.com/exploits/33885no verificadoexploitdbwww.exploit-db.com/exploits/33884no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcementhttp://osvdb.org/64096http://secunia.com/advisories/39614https://exchange.xforce.ibmcloud.com/vulnerabilities/58224http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.htmlhttp://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.htmlhttp://www.osvdb.org/64095http://www.securityfocus.com/archive/1/510988/100/0/threadedhttp://www.securityfocus.com/bid/39717