Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zikula Application Framework theme_admin_setasdefault.php跨站脚本攻击漏洞
Vulnerability Description
Zikula是Zikula基金会的一套用于构建和维护Web站点的PHP应用程序框架,它可通过第三方附加模块扩展成社区、门户、电子商务等。 Zikula Application Framework 1.3.0 build 3168, 1.2.7, 及其他版本的ztemp/view_compiled/Theme/theme_admin_setasdefault.php中存在跨站脚本攻击漏洞。远程攻击者可借助作用在index.php上setasdefault行为的themename参数注入任意web脚本或HTM
CVSS Information
N/A
Vulnerability Type
N/A