3 matches found
CVE-2013-1905
Cross-site scripting XSS vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-1905
The CVE-2013-1905 entry corresponds to a real XSS vulnerability in the Zero Point Drupal theme (7.x-1.x) prior to version 7.x-1.9. The issue arises because the theme does not escape user-supplied text, enabling remote attackers to inject arbitrary script/HTML via untrusted input (e.g., in URLs). ...
SA-CONTRIB-2013-036 - Zero Point - Cross Site Scripting (XSS)
Zero Point is a theme which includes many options, ideal for a wide range of sites. The theme does not escape user supplied text which creates a reflected Cross site scripting XSS vulnerability in URLs. There are no mitigating factors. CVE identifiers issued CVE-2013-1905 Versions affected...