EUVD-2014-7926

Malware in sbrugna...

NewsFlash - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-049

This theme features 7 color styles, 12 collapsible regions, suckerfish menus, fluid or fixed widths, and lots more. The theme doesn't sufficiently sanitize user input. This vulnerability is mitigated by the fact that the theme is only exploitable with non-default settings and under certain site...

CVE-2014-8077

Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...

Cross site scripting

Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...

CVE-2014-8077

Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...

CVE-2014-8077

The CVE-2014-8077 entry concerns the NewsFlash theme for Drupal (versions 6.x-1.x prior to 6.x-1.7 and 7.x-1.x prior to 7.x-2.5). The underlying issue is insufficient sanitization of the font family CSS property in user-provided theme settings, enabling an XSS vector. Impact is limited to remote ...