Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-3979. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary The exploit demonstrates a reflected XSS vulnerability in Zikula Application Framework by injecting a malicious script via the 'themename' parameter. The payload executes arbitrary JavaScript in the context of the affected site, potentially stealing cookies or performing other client-side attacks.
Description
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
Exploits (1)
The exploit demonstrates a reflected XSS vulnerability in Zikula Application Framework by injecting a malicious script via the 'themename' parameter. The payload executes arbitrary JavaScript in the context of the affected site, potentially stealing cookies or performing other client-side attacks.