14 matches found
EUVD-2014-7829
Malware in sbrugna...
EUVD-2013-4174
Malware in sbrugna...
CVE-2014-7980
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified...
CVE-2013-4275
Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the...
CVE-2013-4275
Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the...
CVE-2013-4275
The Drupal Zen theme vulnerability CVE-2013-4275 affects Zen 6.x-1.x; 7.x-3.x before 7.x-3.2; and 7.x-5.x before 7.x-5.4. The root cause is a missing escape in zen_breadcrumb (template.php) for the breadcrumb separator field, allowing remote authenticated users with the administer themes permissi...
CVE-2014-7980
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified...
CVE-2014-7980
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified...
CVE-2014-7980
Zen theme for Drupal 7.x is affected by CVE-2014-7980, with multiple XSS vulnerabilities in template.php. The issues allow remote authenticated users with the administer themes permission to inject arbitrary script/HTML via skip_link_text and other theme settings. Affected versions: Zen 7.x-5.x b...
WordPress Studio Zen Theme - Multiple Vulnerabilities
The attack vector requires a separate vulnerability at the target site to conduct CS and XSS attacks using jPlayer. Also, there is a full path disclosure vulnerability in this theme. Solution: Update the theme...
SA-CONTRIB-2014-047 - Zen - Cross Site Scripting
The Zen theme is a powerful, yet simple, HTML5 starting theme with a responsive, mobile-first grid design. The theme does not properly sanitize theme settings before they are used in the output of a page. Themes that have copied code from Zen's template.php may suffer from this same issue. If you...
SA-CONTRIB-2013-070 - Zen - Cross Site Scripting
The Zen theme is a very popular base/starter theme. Zen doesn't sufficiently escape the breadcrumb separator field, allowing a possible XSS exploit. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer themes". CVE identifiers issued...