Description
Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Local Weather Cross-Site Scripting (1.0)
PHP Resource Management Errors Vulnerability (CVE-2011-3267)
WordPress Plugin Dynamic Widgets Multiple Cross-Site Scripting Vulnerabilities (1.5.10)
WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.12)
Nginx Integer Overflow or Wraparound Vulnerability (CVE-2017-7529)