First published: Mon Oct 13 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Drupal Skeleton Theme | =7.x-1.2 | |
Drupal Skeleton Theme | =7.x-1.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.