
6 matches found

Drupal
added 2014/06/11 12:0 a.m. | 14 views

SA-CONTRIB-2014-059 - Touch Theme - Cross Site Scripting (XSS)

Touch Theme is a lightweight theme with a modern look and feel. The theme does not sufficiently sanitize theme settings input for the Twitter and Facebook usernames. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer themes". CVE identifiers...

CVSS 2.1 | AI score 6.4 | EPSS 0.00366
Exploits: 0 | References: 10

Drupal
added 2014/04/30 12:0 a.m. | 20 views

SA-CONTRIB-2014-047 - Zen - Cross Site Scripting

The Zen theme is a powerful, yet simple, HTML5 starting theme with a responsive, mobile-first grid design. The theme does not properly sanitize theme settings before they are used in the output of a page. Themes that have copied code from Zen's template.php may suffer from this same issue. If you...

CVSS 3.5 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 10

Drupal
added 2014/04/23 12:0 a.m. | 18 views

SA-CONTRIB-2014-043 - Custom Search - Cross Site Scripting (XSS)

The Custom Search module alters the default search box to provide some options like in advanced search, but directly in the search box. The module doesn't sanitize taxonomy vocabulary labels before display, leading to a persistent cross-site scripting (XSS) vulnerability. This vulnerability is...

CVSS 3.5 | AI score 5.5 | EPSS 0.00335
Exploits: 0 | References: 11

Drupal
added 2014/04/09 12:0 a.m. | 18 views

SA-CONTRIB-2014-038 - SimpleCorp theme - Cross Site Scripting

SimpleCorp theme is a free responsive Drupal theme. The SimpleCorp theme does not properly sanitize theme settings before they are used in the output of a page. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer themes". CVE identifiers...

CVSS 3.5 | AI score 6.4 | EPSS 0.00232
Exploits: 0 | References: 11

Drupal
added 2014/03/05 12:0 a.m. | 20 views

SA-CONTRIB-2014-027 - NewsFlash Theme - XSS

Newsflash is a theme that features 7 color styles, 12 collapsible regions, suckerfish menus, fluid or fixed widths, built-in IE transparent PNG fix, and lots more. The theme does not sanitize the user-provided theme setting for the font family CSS property, thereby exposing a cross-site scripting...

CVSS 3.5 | AI score 5.6 | EPSS 0.00335
Exploits: 0 | References: 10

Drupal
added 2013/03/27 12:0 a.m. | 14 views

SA-CONTRIB-2013-036 - Zero Point - Cross Site Scripting (XSS)

Zero Point is a theme which includes many options, ideal for a wide range of sites. The theme does not escape user-supplied text, which creates a reflected cross-site scripting (XSS) vulnerability in URLs. There are no mitigating factors. CVE identifiers issued: CVE-2013-1905. Versions affected...

CVSS 4.3 | AI score 5.5 | EPSS 0.00467
Exploits: 0 | References: 9