Vulnerabilities > Zikula > Zikula Application Framework > 1.2.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-02-08 | CVE-2011-0911 | Cross-Site Scripting vulnerability in Zikula Application Framework Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-02-08 | CVE-2011-0535 | Cross-Site Request Forgery (CSRF) vulnerability in Zikula Application Framework Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php. | 6.8 |
2011-02-08 | CVE-2010-4728 | Cryptographic Issues vulnerability in Zikula Application Framework Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism. | 5.0 |
2010-05-06 | CVE-2010-1724 | Cross-Site Scripting vulnerability in Zikula Application Framework 1.2.2 Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php. | 4.3 |