3 matches found
CVE-2014-8076
Cross-site scripting XSS vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information...
CVE-2014-8076
Cross-site scripting XSS vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information...
CVE-2014-8076
The CVE-2014-8076 entry concerns the Professional Theme for Drupal 7.x (before 7.x-2.04). The vulnerability is an XSS flaw in theme settings related to custom copyright information, exploitable by remote authenticated users who have the administer themes permission. Impact is that arbitrary scrip...