Lucene search

[email protected]NVD:CVE-2014-7980

HistoryOct 08, 2014 - 6:55 p.m.

CVE-2014-7980

2014-10-0818:55:04

CWE-79

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings.

Affected configurations

NVD

Node

drupalzenMatch7.x-3.0

drupalzenMatch7.x-3.1

drupalzenMatch7.x-3.2

drupalzenMatch7.x-5.0

drupalzenMatch7.x-5.1

drupalzenMatch7.x-5.2

drupalzenMatch7.x-5.3

drupalzenMatch7.x-5.4

References

drupal.org/node/2254925

secunia.com/advisories/58318

www.securityfocus.com/bid/67175

www.drupal.org/node/2254835

www.drupal.org/node/2254837

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Related for NVD:CVE-2014-7980

cve1 drupal1 prion1 cvelist1