Description
Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php.
Remediation
References
Related Vulnerabilities
Moodle Credentials Management Errors Vulnerability (CVE-2011-4587)
WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.3)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0046)
WordPress Plugin Content Timeline Multiple SQL Injection Vulnerabilities (4.4.2)
WordPress Plugin MAC PHOTO GALLERY Multiple Security Bypass Vulnerabilities (3.0)