3 matches found
CVE-2014-8079
Cross-site scripting XSS vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting...
CVE-2014-8079
The Mayo contributed theme for Drupal 7.x (versions prior to 7.x-1.3) is affected by an XSS vulnerability. Root cause: theme settings allow linking to a header background file with insufficient sanitization, enabling arbitrary script/HTML injection. Impact: remote authenticated users with the adm...
SA-CONTRIB-2014-016 - Mayo Theme - XSS Vulnerability
The theme settings allow you to link to a header background file. A URL could be entered that was not properly sanitized leading to XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer themes". CVE identifiers issued...