2 results (0.001 seconds)

CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el tema Responsive Blog v7.x-1.x anterior a v7.x-1.6 para Drupal permite a usuarios remotos autenticados con permisos para administrar temas inyectar secuencias de comandos web o HTML a través de vectores relacionados con los iconos sociales. • http://drupal.org/node/1929396 http://drupal.org/node/1929488 http://drupalcode.org/project/responsive_blog.git/commitdiff/ce47de9 http://osvdb.org/90688 http://secunia.com/advisories/52423 http://www.openwall.com/lists/oss-security/2013/02/28/3 http://www.securityfocus.com/bid/58218 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la "galería de 3 diapositivas" del tema Premium Responsive anterior a v7.x-1.4 para Drupal permite a usuarios remotos autenticados con permisos para administrar temas inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1730752 http://drupal.org/node/1929508 http://drupalcode.org/project/responsive.git/commitdiff/1c6fa91 http://drupalcode.org/project/responsive.git/commitdiff/6b593ff http://www.openwall.com/lists/oss-security/2013/02/28/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •