2 matches found
CVE-2013-4275
The Drupal Zen theme vulnerability CVE-2013-4275 affects Zen 6.x-1.x; 7.x-3.x before 7.x-3.2; and 7.x-5.x before 7.x-5.4. The root cause is a missing escape in zen_breadcrumb (template.php) for the breadcrumb separator field, allowing remote authenticated users with the administer themes permissi...
SA-CONTRIB-2013-070 - Zen - Cross Site Scripting
The Zen theme is a very popular base/starter theme. Zen doesn't sufficiently escape the breadcrumb separator field, allowing a possible XSS exploit. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer themes". CVE identifiers issued...