Summary
This host is installed with Zikula and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Zikula Application Framework version 1.3.6 build 19 or later. For updates refer to http://zikula.org
Insight
An error exists in the index.php script, which fails to properly sanitize user-supplied input to the 'returnpage' parameter.
Affected
Zikula Application Framework versions prior to 1.3.6 build 19
Detection
Send a crafted exploit string via an HTTP GET request and check whether the string can be read back in the response.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2013-6168
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- AMSI 'file' Parameter Directory Traversal Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- Apache Tomcat Directory Listing and File disclosure