Lucene search
HistoryOct 09, 2014 - 2:55 p.m.
CVE-2014-8076
cve-2014-8076
cross-site scripting
xss
professional theme
drupal
nvd
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.9%
Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to custom copyright information.
Affected configurations
Node
drupalprofessional_themeMatch7.x-1.0
ORdrupalprofessional_themeMatch7.x-1.1
ORdrupalprofessional_themeMatch7.x-1.2
ORdrupalprofessional_themeMatch7.x-1.3
ORdrupalprofessional_themeMatch7.x-1.4
ORdrupalprofessional_themeMatch7.x-1.5
ORdrupalprofessional_themeMatch7.x-1.6
ORdrupalprofessional_themeMatch7.x-1.7
ORdrupalprofessional_themeMatch7.x-1.8
ORdrupalprofessional_themeMatch7.x-1.9
ORdrupalprofessional_themeMatch7.x-1.x-dev
ORdrupalprofessional_themeMatch7.x-2.0
ORdrupalprofessional_themeMatch7.x-2.01
ORdrupalprofessional_themeMatch7.x-2.02
ORdrupalprofessional_themeMatch7.x-2.03
ORdrupalprofessional_themeMatch7.x-2.x-dev
Related
drupal
drupal
SA-CONTRIB-2014-044 - Professional Theme - Cross Site Scripting (XSS)
2014-04-23 00:00:00
prion
prion
Cross site scripting
2014-10-09 14:55:00
cvelist
cvelist
CVE-2014-8076
2014-10-09 14:00:00
nvd
nvd
CVE-2014-8076
2014-10-09 14:55:06
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.9%
Related for CVE-2014-8076