EUVD-2014-7925

Malware in sbrugna...

EUVD-2013-1805

Malware in sbrugna...

CVE-2013-1781

Cross-site scripting XSS vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-8076

Cross-site scripting XSS vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information...

CVE-2014-8076

Cross-site scripting XSS vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information...

CVE-2014-8076

The CVE-2014-8076 entry concerns the Professional Theme for Drupal 7.x (before 7.x-2.04). The vulnerability is an XSS flaw in theme settings related to custom copyright information, exploitable by remote authenticated users who have the administer themes permission. Impact is that arbitrary scrip...

SA-CONTRIB-2014-044 - Professional Theme - Cross Site Scripting (XSS)

Professional Theme is a modern and professional Drupal theme. The theme does not sufficiently sanitize theme settings input for custom copyright information This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer themes". CVE identifiers issue...

CVE-2013-1781

Cross-site scripting XSS vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-1781

The CVE-2013-1781 entry affects Drupal’s Professional Theme prior to 7.x-1.4. The vulnerability is an XSS in the 3 slide gallery where unsanitized user content can be injected by remote authenticated users with administer themes permission via unspecified vectors. Affected software: Professional ...

CVE-2013-1781

Cross-site scripting XSS vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors...

SA-CONTRIB-2013-027 - Professional theme - Cross Site Scripting (XSS)

This third-party contributed theme change Drupal's interface. The theme doesn't properly sanitize user-entered content in the 3 slide gallery on the homepage leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker would have to have the...