Description

Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.

Remediation

References

CVE-2010-1724

Related Vulnerabilities

phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-20030)

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder SQL Injection (1.29.2)

WordPress Plugin G-Lock Double Opt-in Manager 'ajaxbackend.php' SQL Injection (2.6.2)

WordPress Plugin White Label CMS PHP Object Injection (2.4)

WordPress Plugin Simpel Reserveren 3 Cross-Site Scripting (3.5.2)

Severity

Medium

Classification

CVE-2010-1724 CWE-707

Tags

Missing Update Known Vulnerabilities