CVE-2015-8233
https://notcve.org/view.php?id=CVE-2015-8233
Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings. Vulnerabilidad de XSS en el tema MAYO 7.x-1.x en versiones anteriores a 7.x-1.4 y 7.x-2.x en versiones anteriores a 7.x-2.6 para Drupal permite a administradores remotos con el permiso 'Administer themes' inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados relacionado con ajustes de tema. • https://www.drupal.org/node/2613046 https://www.drupal.org/node/2613048 https://www.drupal.org/node/2613424 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •