Cross-Site Scripting Vulnerability in NewsFlash Theme for Drupal
CVE-2014-8077

Currently unrated

Key Information:

Vendor

Drupal
Status
Newsflash
Vendor
CVE Published:
9 October 2014

What is CVE-2014-8077?

The NewsFlash theme for Drupal is susceptible to a Cross-Site Scripting (XSS) vulnerability that enables remote authenticated users with 'administer themes' permissions to inject arbitrary JavaScript or HTML. This vulnerability is specifically linked to the font family CSS property and can be exploited via various vectors, allowing attackers to execute malicious scripts in the context of the user's session.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/54611
third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/91740
vdb-entryx_refsource_XF
https://www.drupal.org/node/2211381
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.