Description
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin BetterDocs-Best Documentation & Knowledge Base Cross-Site Scripting (1.8.4)
SharePoint CVE-2024-21318 Vulnerability (CVE-2024-21318)
WordPress Plugin SG Optimizer Local File Inclusion (5.0.12)
WordPress Plugin Site Analytics Multiple Vulnerabilities (1.4.3)
SugarCRM Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3244)