Lucene search

PRIOn knowledge basePRION:CVE-2013-4275

HistoryNov 13, 2019 - 9:15 p.m.

Cross site scripting

2019-11-1321:15:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.0%

JSON

Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via the breadcrumb separator field.

CPENameOperatorVersion
zeneq>= 6.x1.0 AND <= 6.x1.3
zeneq>= 7.x5.0 AND < 7.x5.4
zeneq>= 7.x3.0 AND < 7.x3.2

Name	Operator	Version
zen	eq	>= 6.x1.0 AND <= 6.x1.3
zen	eq	>= 7.x5.0 AND < 7.x5.4
zen	eq	>= 7.x3.0 AND < 7.x3.2

References

seclists.org/fulldisclosure/2013/Aug/226

www.madirish.net/?article=452

www.openwall.com/lists/oss-security/2013/08/22/2

www.securityfocus.com/bid/61922

drupal.org/node/2071055

drupal.org/node/2071065

drupal.org/node/2071157

drupal.org/node/754000