CVE-2013-4138

Alienwp Hatch - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors.

References (3)

[Patch] https://drupal.org/node/2038189

[Vendor Advisory] https://drupal.org/node/2038363

[Mailing List] http://www.openwall.com/lists/oss-security/2013/07/17/1

Scores

EPSS 0.0021

EPSS Percentile 43.1%

Details

CWE

CWE-79

Status published

Products (6)

alienwp/hatch

n/a/n/a

Published Aug 28, 2013

Tracked Since Feb 18, 2026