Description
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
Remediation
References
Related Vulnerabilities
Atlassian Jira CVE-2020-14167 Vulnerability (CVE-2020-14167)
WordPress Plugin Premmerce Product Filter for WooCommerce Security Bypass (3.1.2)
Magento CVE-2019-7876 Vulnerability (CVE-2019-7876)
WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)
WordPress Plugin WordPress+Microsoft Office 365/Azure AD-LOGIN Cross-Site Scripting (15.3)