[Security-news] Beale Street - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-048
security-news at drupal.org
security-news at drupal.org
Wed Jul 11 17:03:29 UTC 2018
View online: https://www.drupal.org/sa-contrib-2018-048
Project: Beale Street [1]
Date: 2018-July-11
Security risk: *Moderately critical* 13∕25
AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon [2]
Vulnerability: Cross Site Scripting
Description:
This theme features 4 built-in color styles, 18 collapsible regions,
Suckerfish menus, flexible widths, adjustable sidebars, configurable font
family, and lots more.
The theme doesn't sufficiently sanitize user input.
This vulnerability is mitigated by the fact that the theme is not exploitable
under common site configurations.
Solution:
* If you use the Beale Street theme for Drupal 7.x, upgrade to Beale Street
7.x-1.2 [3]
Also see the Beale Street [4] project page.
Reported By:
* Drew Webber [5]
Fixed By:
* Kisugi Ai [6]
Coordinated By:
* Michael Hess [7] of the Drupal Security Team
[1] https://www.drupal.org/project/bealestreet
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/bealestreet/releases/7.x-1.2
[4] https://www.drupal.org/project/bealestreet
[5] https://www.drupal.org/user/255969
[6] https://www.drupal.org/user/1284976
[7] https://www.drupal.org/u/mlhess
More information about the Security-news
mailing list