Loading
Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Use CWE-79, Zkoss vendor hub and Zk Framework product page to widen CVE-2013-5966 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2022-36537 for nearby disclosures in the same product family. Additional editorial context is available in Cybersecurity Weekly Roundup: April 27, 2026 — Critical Zero-Days and Framework Failures.