CVSS: 3.5EPSS: 0%CPEs: 9EXPL: 0CVE-2014-8077
https://notcve.org/view.php?id=CVE-2014-8077
Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property. Vulnerabilidad de XSS en el tema NewsFlash 6.x-1.x anterior a 6.x-1.7 y 7.x-1.x anterior a 7.x-2.5 para Drupal permite a usuarios remotos autenticados con el permiso 'administrar temas' inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con la propiedad CSS de familias de fuentes. • http://secunia.com/advisories/54611 http://www.securityfocus.com/bid/65998 https://exchange.xforce.ibmcloud.com/vulnerabilities/91740 https://www.drupal.org/node/2210619 https://www.drupal.org/node/2210621 https://www.drupal.org/node/2211381 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •