CVE-2014-8077
https://notcve.org/view.php?id=CVE-2014-8077
Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to the font family CSS property.
• http://secunia.com/advisories/54611
• http://www.securityfocus.com/bid/65998
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91740
• https://www.drupal.org/node/2210619
• https://www.drupal.org/node/2210621
• https://www.drupal.org/node/2211381
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-7979
https://notcve.org/view.php?id=CVE-2014-7979
Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.
• http://secunia.com/advisories/57828
• http://www.securityfocus.com/bid/66768
• https://drupal.org/node/2236811
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92530
• https://www.drupal.org/node/2236255
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-7978
https://notcve.org/view.php?id=CVE-2014-7978
Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.
• http://secunia.com/advisories/57829
• http://www.securityfocus.com/bid/66782
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92537
• https://www.drupal.org/node/2236251
• https://www.drupal.org/node/2236797
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-7980
https://notcve.org/view.php?id=CVE-2014-7980
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings.
• http://drupal.org/node/2254925
• http://secunia.com/advisories/58318
• http://www.securityfocus.com/bid/67175
• https://www.drupal.org/node/2254835
• https://www.drupal.org/node/2254837
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-7870
https://notcve.org/view.php?id=CVE-2014-7870
Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to admin/config/search/custom_search/results.
• http://seclists.org/fulldisclosure/2014/Apr/41
• https://www.drupal.org/node/2231531
• https://www.drupal.org/node/2231533
• https://www.drupal.org/node/2231665
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')