CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
99.7%
Zero Point is a theme which includes many options, ideal for a wide range of sites. The theme does not escape user supplied text which creates a reflected Cross site scripting (XSS) vulnerability in URLs. There are no mitigating factors.
Drupal core is not affected. If you do not use the contributed Zero Point module, there is nothing you need to do.
Install the latest version:
Also see the Zero Point project page.