
11 matches found

EUVD
added 2026/03/25 6:31 p.m., 1 views

EUVD-2026-15467

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery. This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1...

CVSS 6.3, AI score 5.8, EPSS 0.00021
Exploits 0, References 2
CNNVD
added 2026/03/25 12:0 a.m., 2 views

Drupal Theme Negotiation by Rules security vulnerability

Drupal Theme Negotiation by Rules is a content management system module developed by Drupal that dynamically selects website theme styles based on rules. Versions of Drupal Theme Negotiation by Rules prior to 1.2.1 contained security vulnerabilities, which were caused by susceptibility to...

CVSS 4.3, AI score 5.7, EPSS 0.00021
Exploits 0, References 1
Drupal
added 2025/10/22 12:0 a.m., 7 views

CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112

CivicTheme is a design system and theme framework used to build content-rich Drupal websites. It includes editorial workflows, structured content types, and flexible theming components. The theme doesn't sufficiently check access to entities when they are displayed as reference cards used in manu...

CVSS 7.5, AI score 5.5, EPSS 0.00053
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2013-1809

Malware in sbrugna...

CVSS 2.1, AI score 6.4, EPSS 0.00232
Exploits 0, References 6
RedhatCVE
added 2025/05/22 11:23 a.m., 6 views

CVE-2013-1785

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors...

CVSS 2.1, AI score 5.5, EPSS 0.00232
Exploits 0, References 1
RedhatCVE
added 2025/05/22 3:2 a.m., 2 views

CVE-2014-7980

Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skiplinktext setting and unspecified...

CVSS 3.5, AI score 5.9, EPSS 0.00232
Exploits 0, References 1
OSV
added 2022/02/23 5:18 p.m., 2 views

DRUPAL-CONTRIB-2022-027

The GOV.UK Theme govuktheme is a Drupal theme for the GOV.UK Design System. The theme doesn't sanitize user input in certain cases, which leads to Cross-Site-Scripting (XSS) vulnerabilities. An attacker that can create or edit certain entities or configuration may be able to exploit one or more...

AI score 6.7
Exploits 0, References 1
Drupal
added 2020/01/15 12:0 a.m., 2 views

Radix - Moderately critical - Cross site scripting - SA-CONTRIB-2020-001

Radix is a base theme for Drupal, with Bootstrap 4, Sass, ES6 and BrowserSync built-in. The module doesn't sufficiently filter menu titles when used in a dropdown in the main menu. This vulnerability is mitigated by the fact that an attacker must have permission to edit a menu title used in the...

AI score 5.7
Exploits 0, References 5
Cvelist
added 2012/06/27 12:0 a.m., 12 views

CVE-2012-2715

Cross-site scripting (XSS) vulnerability in the themeslinks function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links...

AI score 5.7, EPSS 0.00528
Exploits 1, References 8
Tenable Nessus
added 2010/10/22 12:0 a.m., 17 views

Ubuntu Drupal Theme - Brown images/layout/gradient.php File Disclosure

The version of the Ubuntu Drupal Theme - Brown installed on the Drupal install on the remote host does not properly sanitize user-supplied input to the 'start' and 'end' parameters of the 'images/layout/gradient.php' script before using it to return the contents of a file. A remote, unauthenticat...

AI score 5.8
Exploits 0, References 2
Drupal
added 2010/10/20 12:0 a.m., 13 views

SA-CONTRIB-2010-100 - Ubuntu Drupal Theme - Directory traversal and information disclosure

This Ubuntu Drupal Theme - Brown is designed to mimic the old ubuntu.com. The theme used a PHP file to generate a gradient image on the fly. User input from the URL is not properly validated in this PHP code, leading to a directory traversal vulnerability where the contents of any file readable b...

AI score 7.1
Exploits 0, References 6