CVE-2014-7980
Published Oct 8, 2014
Last updated 10 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:zen:7.x-3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60795E78-971C-41EE-A6F3-0C935324FD99"
},
{
"criteria": "cpe:2.3:a:drupal:zen:7.x-3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "366DB54B-4372-449D-9CE2-059B0A4B636C"
},
{
"criteria": "cpe:2.3:a:drupal:zen:7.x-3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B538F03A-8099-4EA6-B6C9-80B58BDF7A51"
},
{
"criteria": "cpe:2.3:a:drupal:zen:7.x-5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "428C94FC-85CB-43B4-82D7-69D222096F84"
},
{
"criteria": "cpe:2.3:a:drupal:zen:7.x-5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03716B82-65DD-4065-A411-52E92BE44309"
},
{
"criteria": "cpe:2.3:a:drupal:zen:7.x-5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D63E0839-6AA2-4AD6-BC68-FA122434B80B"
},
{
"criteria": "cpe:2.3:a:drupal:zen:7.x-5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13DD3689-44E1-4FBF-9329-023218822B4A"
},
{
"criteria": "cpe:2.3:a:drupal:zen:7.x-5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBC47F4D-98CB-407A-A061-EEBB0E330C13"
}
],
"operator": "OR"
}
]
}
]