2 results (0.010 seconds)

CVSS: 2.6EPSS: 0%CPEs: 17EXPL: 0

Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings. Vulnerabilidad de XSS en el tema MAYO 7.x-1.x en versiones anteriores a 7.x-1.4 y 7.x-2.x en versiones anteriores a 7.x-2.6 para Drupal permite a administradores remotos con el permiso 'Administer themes' inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados relacionado con ajustes de tema. • https://www.drupal.org/node/2613046 https://www.drupal.org/node/2613048 https://www.drupal.org/node/2613424 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting. Vulnerabilidad de XSS en el tema MAYO 7.x-1.x anterior a 7.x-1.3 para Drupal permite a usuarios remotos autenticados con los permisos 'administrar temas' inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con la configuración de la cabecera en segundo plano. • http://osvdb.org/103261 http://secunia.com/advisories/56876 http://www.securityfocus.com/bid/65523 https://drupal.org/node/2194135 https://exchange.xforce.ibmcloud.com/vulnerabilities/91154 https://www.drupal.org/node/2193987 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •