CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7979
https://notcve.org/view.php?id=CVE-2014-7979
Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. Vulnerabilidad de XSS en el tema SimpleCorp 7.x-1.x anterior a 7.x-1.1 para Drupal permite a usuarios remotos autenticadoscon permisos de administración de temas inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con las configuraciones de temas. • http://secunia.com/advisories/57828 http://www.securityfocus.com/bid/66768 https://drupal.org/node/2236811 https://exchange.xforce.ibmcloud.com/vulnerabilities/92530 https://www.drupal.org/node/2236255 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •