EUVD-2012-6419

Malware in sbrugna...

CVE-2012-6572

Cross-site scripting XSS vulnerability in the phptemplatepreprocessnode function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name...

Cross site scripting

Cross-site scripting XSS vulnerability in the phptemplatepreprocessnode function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name...

CVE-2012-6572

The CVE-2012-6572 vulnerability affects the Drupal Inf08 theme (6.x-1.x) prior to 6.x-1.10, where the function phptemplate_preprocess_node in template.php is exploitable. The issue allows remote authenticated users who have the administer taxonomy permission to inject arbitrary web script or HTML...

CVE-2012-6572

Cross-site scripting XSS vulnerability in the phptemplatepreprocessnode function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name...

SA-CONTRIB-2012-140 - Inf08 - Cross Site Scripting (XSS)

Inf08 is a valid XHTML 1.0 Strict / CSS 2.1 theme ported from the free CSS template. The theme contains an arbitrary script injection vulnerability XSS due to the fact that it fails to sanitize user supplied taxonomy vocabulary names before display. This vulnerability is mitigated by the fact tha...