3 matches found
CVE-2013-1784
Cross-site scripting XSS vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-1784
CVE-2013-1784 affects the Drupal contributed Clean Theme, specifically the 3-slide gallery. The vulnerability exists in versions prior to Clean Theme 7.x-1.3, where user-entered content on the homepage gallery is not properly sanitized. This allows remote authenticated users who have the administ...
SA-CONTRIB-2013-030 - Clean Theme - Cross Site Scripting (XSS)
This third-party contributed theme change Drupal's interface. The theme doesn't properly sanitize user-entered content in the 3 slide gallery on the homepage leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker would have to have the...