Cross-Site Scripting Vulnerability in Professional Theme for Drupal
CVE-2014-8076

Currently unrated

Key Information:

Vendor

Drupal
Status
Professional Theme
Vendor
CVE Published:
9 October 2014

What is CVE-2014-8076?

A cross-site scripting (XSS) vulnerability exists in the Professional theme for Drupal, specifically in versions prior to 7.x-2.04. This flaw allows remote authenticated users with the 'administer themes' permission to inject malicious web scripts or HTML. The vulnerability is triggered through custom copyright information fields, which can be exploited to execute arbitrary scripts in the context of another user's session. It's crucial for site administrators to promptly update to the latest version to mitigate potential risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/92755
vdb-entryx_refsource_XF
http://secunia.com/advisories/58233
third-party-advisoryx_refsource_SECUNIA
http://drupal.org/node/2248145
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.