CVE-2010-1724

Name of the Vulnerable Software and Affected Versions Zikula Application Framework versions 1.2.2 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the func parameter to "index.php", or the lang parameter to "index.php", which is not properly handled by ZLanguage.php.

Recommendations For Zikula Application Framework versions 1.2.2 and earlier, consider disabling access to the vulnerable parameters func and lang in the "index.php" endpoint until a patch is available. Restrict input handling by ZLanguage.php to minimize the risk of exploitation.