Description
Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.
Remediation
References
Related Vulnerabilities
WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.17)
WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.1.23)
WordPress Plugin WordPress for Google Maps-WP MAPS SQL Injection (4.1.4)
PHP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-10546)