19 matches found
CVE-2025-12083
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
EUVD-2025-36873
Drupal CivicTheme Design System allows Cross-Site Scripting XSS...
GHSA-H72Q-CQ3W-H3WC Drupal CivicTheme Design System allows Cross-Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS. This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
Drupal CivicTheme Design System allows Cross-Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS. This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
Drupal CivicTheme Design System allows Forceful Browsing
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing. This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
CVE-2025-12082
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
CVE-2025-12082
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
CVE-2025-12083
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
CVE-2025-12083
The CVE-2025-12083 entry concerns Drupal CivicTheme Design System prior to 1.12.0. The root cause is improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS). Affected component: CivicTheme Design System (Twig rendering paths) with input not adequately sani...
CVE-2025-12083 CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
CVE-2025-12083 CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
CVE-2025-12082
Summary of CVE-2025-12082 : Affected software is the Drupal CivicTheme Design System. The root cause is an incorrect authorization check that enables forceful browsing. This vulnerability allows disclosure of information via UI components (cards) that render content the user should not access. Im...
CVE-2025-12082 CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
CVE-2025-12082 CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
PT-2025-44361
Name of the Vulnerable Software and Affected Versions Drupal CivicTheme Design System versions prior to 1.12.0 Description A flaw exists in the CivicTheme Design System that allows for Cross-Site Scripting XSS. This occurs due to improper neutralization of input during web page generation. The...
PT-2025-44360
Name of the Vulnerable Software and Affected Versions Drupal CivicTheme Design System versions prior to 1.12.0 Description An incorrect authorization issue exists in the CivicTheme Design System that allows for forceful browsing. This occurs due to insufficient access controls, potentially allowi...
Drupal CivicTheme Design System module < 1.12.0 - Unauthenticated Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure vulnerability discovered by Lee Rowlands larowlan in WordPress Module CivicTheme Design System versions 1.12.0...
Drupal CivicTheme Design System module < 1.12.0 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS vulnerability discovered by Adam Bramley acbramley in WordPress Module CivicTheme Design System versions 1.12.0...
CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112
CivicTheme is a design system and theme framework used to build content-rich Drupal websites. It includes editorial workflows, structured content types, and flexible theming components. The theme doesn't sufficiently check access to entities when they are displayed as reference cards used in manu...