4 matches found
CVE-2012-4497
Cross-site scripting XSS vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL...
Cross site scripting
Cross-site scripting XSS vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL...
CVE-2012-4497
The CVE-2012-4497 entry describes a Cross-site Scripting (XSS) vulnerability in the Drupal module Elegant Theme, specifically within the "3 slide gallery" in the 7.x-1.x line before 7.x-1.1. Affected component: Elegant Theme module (Drupal 7.x-1.x, prior to 7.x-1.1) where the slide URL is the vec...
SA-CONTRIB-2012-128 - Elegant Theme - Cross Site Scripting (XSS)
Elegant Theme is a light weight Drupal 7 theme with a modern look and feel. The theme doesn't properly sanitize user-entered content in the 3 slide gallery on the homepage leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker would have ...