2 matches found
CVE-2013-1781
The CVE-2013-1781 entry affects Drupal’s Professional Theme prior to 7.x-1.4. The vulnerability is an XSS in the 3 slide gallery where unsanitized user content can be injected by remote authenticated users with administer themes permission via unspecified vectors. Affected software: Professional ...
SA-CONTRIB-2013-027 - Professional theme - Cross Site Scripting (XSS)
This third-party contributed theme change Drupal's interface. The theme doesn't properly sanitize user-entered content in the 3 slide gallery on the homepage leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker would have to have the...