Description

Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.

Remediation

References

CVE-2010-1724

Related Vulnerabilities

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18405)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.17)

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.1.23)

WordPress Plugin WordPress for Google Maps-WP MAPS SQL Injection (4.1.4)

PHP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-10546)

Severity

Medium

Classification

CVE-2010-1724 CWE-707

Tags

Missing Update Known Vulnerabilities