VYPR
Unrated severityNVD Advisory· Published Nov 14, 2013· Updated Jun 17, 2026

CVE-2013-6168

CVE-2013-6168

Description

Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php.

Affected products

7
  • cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*range: <=1.3.5
    • cpe:2.3:a:zikula:zikula_application_framework:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zikula:zikula_application_framework:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zikula:zikula_application_framework:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zikula:zikula_application_framework:1.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zikula:zikula_application_framework:1.3.4:*:*:*:*:*:*:*
    • (no CPE)range: <1.3.6

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.