3 matches found
CVE-2014-7980
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified...
CVE-2014-7980
Zen theme for Drupal 7.x is affected by CVE-2014-7980, with multiple XSS vulnerabilities in template.php. The issues allow remote authenticated users with the administer themes permission to inject arbitrary script/HTML via skip_link_text and other theme settings. Affected versions: Zen 7.x-5.x b...
SA-CONTRIB-2014-047 - Zen - Cross Site Scripting
The Zen theme is a powerful, yet simple, HTML5 starting theme with a responsive, mobile-first grid design. The theme does not properly sanitize theme settings before they are used in the output of a page. Themes that have copied code from Zen's template.php may suffer from this same issue. If you...