Description
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.
Remediation
References
Related Vulnerabilities
Perl Improper Handling of Exceptional Conditions Vulnerability (CVE-2023-47100)
Oracle JRE CVE-2013-1557 Vulnerability (CVE-2013-1557)
WordPress Plugin ThreeWP Email Reflector 'Subject' Field Cross-Site Scripting (1.15)
WordPress Plugin Chop Slider 3 SQL Injection (3.4)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-35152)