50 matches found
EUVD-2014-7926
Malware in sbrugna...
EUVD-2014-4231
Malware in sbrugna...
EUVD-2013-1803
Malware in sbrugna...
Cross site scripting
Cross-site scripting XSS vulnerability in the zenbreadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the...
CVE-2013-4275
The Drupal Zen theme vulnerability CVE-2013-4275 affects Zen 6.x-1.x; 7.x-3.x before 7.x-3.2; and 7.x-5.x before 7.x-5.4. The root cause is a missing escape in zen_breadcrumb (template.php) for the breadcrumb separator field, allowing remote authenticated users with the administer themes permissi...
CVE-2013-4275
Cross-site scripting XSS vulnerability in the zenbreadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the...
DRUPAL-CORE-2019-007
This security release fixes third-party dependencies included in or required by Drupal core. As described in TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor: In order to intercept file invocations like file\exists or stat on compromised Phar archives the base name has...
CVE-2015-8233
The MAYO Drupal theme (7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6) is affected by an XSS vulnerability. Root cause: insufficient sanitization in theme settings that remote administrators with the Administer themes permission can exploit to inject arbitrary script/HTML. Impact: potential fo...
CVE-2014-8746
Cross-site scripting XSS vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings...
Cross site scripting
Cross-site scripting XSS vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings...
CVE-2014-8746
Cross-site scripting XSS vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings...
CVE-2014-8746
The CVE-2014-8746 entry refers to a Cross-site scripting (XSS) vulnerability in the Skeleton theme for Drupal, affecting versions 7.x-1.2 through 7.x-1.3 prior to 7.x-1.4. The issue allows remote authenticated users who have the "administer themes" permission to inject arbitrary web script or HTM...
CVE-2014-8077
Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...
CVE-2014-8076
Cross-site scripting XSS vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information...
Cross site scripting
Cross-site scripting XSS vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information...
Cross site scripting
Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...
CVE-2014-8079
Cross-site scripting XSS vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting...
CVE-2014-8076
Cross-site scripting XSS vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information...
CVE-2014-8077
Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...
Cross site scripting
Cross-site scripting XSS vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings...