3 matches found
CVE-2015-8233
Cross-site scripting XSS vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings...
CVE-2015-8233
Cross-site scripting XSS vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings...
MAYO theme - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-164
MAYO theme enables you to change certain theme settings via the administration interface. Some theme settings aren't sufficiently sanitized. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer themes". CVE identifiers issued CVE-2015-8233...