Description
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Search Logger-Know What Your Visitors Search SQL Injection (0.9)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17300)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7002)
WordPress Plugin User Activation Email Cross-Site Scripting (1.3.0)