NVD

Id
35693  
Name
CVE-2014-8746  
Description
Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-10-13  
Modified Date
2014-10-15  
Seq
2014-8746  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
182845 35693 CVE-2014-8746 skeleton-drupal-xss(92529)  View
182846 35693 CVE-2014-8746 https://www.drupal.org/node/2236259  View
182847 35693 CVE-2014-8746 https://www.drupal.org/node/2236821  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
15955 JVNDB-2014-004830 Drupal 用 Skeleton テーマにおけるクロスサイトスクリプティングの脆弱性 Drupal 用 Skeleton テーマには、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-8746 76039 CVE-2014-8746 35693 3.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004830.html 2014-04-08 2014-10-20 View