CVE-2009-4042
RootCandy theme <6.x-1.5 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
References (7)
Scores
EPSS
0.0040
EPSS Percentile
60.6%
Classification
CWE
CWE-79
Status
published
Affected Products (16)
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
marek_sotak/rootcandy
... and 1 more
Timeline
Published
Nov 20, 2009
Tracked Since
Feb 18, 2026