Description

Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.

Remediation

References

CVE-2010-1724

Related Vulnerabilities

WordPress Plugin Startklar Elementor Addons Arbitrary File Upload (1.7.13)

WordPress 5.0.x Prototype Pollution (5.0 - 5.0.15)

MySQL Improper Access Control Vulnerability (CVE-2016-8288)

WordPress Plugin WP Easy Poll Multiple Vulnerabilities (1.1.3)

WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)

Severity

Medium

Classification

CVE-2010-1724 CWE-707

Tags

Missing Update Known Vulnerabilities