Description
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
Remediation
References