Zikula returnpage Cross Site Scripting Vulnerability

Summary
This host is running Zikula and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application
Solution
Upgrade to Zikula Application Framework version 1.3.6 build 19 or later. For updates, refer to http://zikula.org
Insight
An error exists in the index.php script, which fails to properly sanitize user-supplied input to the 'returnpage' parameter.
Affected
Zikula Application Framework versions prior to 1.3.6 build 19
Detection
Send a crafted exploit string via an HTTP GET request and check whether the string can be read back in the response.