CVE-2014-7980

Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:drupal:zen:7.x-5.3:*:*:*:*:*:*:*
cpe:2.3:a:drupal:zen:7.x-5.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:zen:7.x-5.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:zen:7.x-5.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:zen:7.x-3.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:zen:7.x-3.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:zen:7.x-3.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:zen:7.x-5.4:*:*:*:*:*:*:*

Information

Published : 2014-10-08 11:55

Updated : 2014-10-09 08:47


NVD link : CVE-2014-7980

Mitre link : CVE-2014-7980


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

drupal

  • zen