Lucene search

[email protected]NVD:CVE-2011-3352

HistoryNov 19, 2019 - 11:15 p.m.

CVE-2011-3352

2019-11-1923:15:11

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

31.6%

JSON

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ‘themename’ parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.

Affected configurations

Nvd

Node

zikuzikulaRange≤1.3.0

VendorProductVersionCPE
zikuzikula*cpe:2.3:a:ziku:zikula:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ziku	zikula	*	cpe:2.3:a:ziku:zikula::::::::

References

access.redhat.com/security/cve/cve-2011-3352

bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3352

www.immuniweb.com/advisory/HTB23039

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

31.6%

JSON

Related for NVD:CVE-2011-3352

cvelist1 prion1 cve1