Description
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
Remediation
References
Related Vulnerabilities
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3365)
WordPress Plugin Multisite Post Duplicator Cross-Site Request Forgery (0.9.5.1)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-4721)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-41585)
WordPress Plugin WP No External Links Cross-Site Scripting (3.5.15)