Lucene search

[email protected]CVE-2014-8746

HistoryOct 13, 2014 - 6:55 p.m.

CVE-2014-8746

2014-10-1318:55:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-8746

cross-site scripting

xss

skeleton theme

drupal

nvd

security vulnerability

administer themes permission

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.9%

JSON

Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to theme settings.

Affected configurations

NVD

Node

drupalskeleton_themeMatch7.x-1.2

drupalskeleton_themeMatch7.x-1.3

CPENameOperatorVersion
drupal:skeleton_themedrupal skeleton themeeq7.x-1.2
drupal:skeleton_themedrupal skeleton themeeq7.x-1.3

CPE	Name	Operator	Version
drupal:skeleton_theme	drupal skeleton theme	eq	7.x-1.2
drupal:skeleton_theme	drupal skeleton theme	eq	7.x-1.3

References

secunia.com/advisories/57831

exchange.xforce.ibmcloud.com/vulnerabilities/92529

www.drupal.org/node/2236259

www.drupal.org/node/2236821

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.9%

JSON

Related for CVE-2014-8746

prion1 cvelist1 nvd1