News Document Title:
====================
Bug fixes in Drupal Premium News_Center Template module

Release Date:
=============
2014-03-24

Laboratory Article:
===================
This morning a minor severity issue was reported in the external magazine server of our network. The magazine website impacts the new modules of the ckeditor as a plugin and, of course, the Drupal core. Our community uses the commercial premium Drupal theme news_center. The 3rd party template contains some sample files replaced by the developers as a proof. The non-persistent issue is located exactly inside the 3rd party sample files of the ckeditor module. The request method to exploit the vulnerability was located on the client side. The injection request method to exploit was GET and the priority of the issue was low(+).

Thanks for the quick report and also the coordinated disclosure. Acknowledged by the Vulnerability Laboratory Team!

Affected Domain(s): www.vulnerability-db.com (external)
Severity: Low(+)
Vulnerability: ClickJacking & Cross Site Scripting
Request Method(s): client-side (non-persistent)
Vulnerable Template: (default) http://www.themesnap.com/premium-drupal-themes/newscenter.html
Affected Path: /var/www/xpath/web-server.com/httpdocs/magazine/sites/all/modules/ckeditor/ckeditor/ckeditor/_samples/
Affected File(s): api.html

Security Acknowledgment(s): Deepanker Arora
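
The advisory places the issue in the sample pages that the ckeditor module carries under _samples/. The shell functions below are an added example, not part of the original advisory or of the Drupal or CKEditor projects: they audit a web root for HTML files inside any ckeditor/_samples directory so the demo pages can be removed before deployment. The function names and the docroot argument are assumptions.

```shell
#!/bin/sh
# Added example: audit a web root for CKEditor demo pages left in production.
# Usage (after sourcing this file): audit_ckeditor_samples /path/to/httpdocs

# Print every HTML file located in a "_samples" directory below a
# "ckeditor" directory, the layout named in the advisory's affected path.
find_ckeditor_samples() {
    docroot=$1
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }
    find "$docroot" -type f \( -name '*.html' -o -name '*.htm' \) \
        \( -path '*/ckeditor/_samples/*' -o -path '*/ckeditor/*/_samples/*' \) \
        2>/dev/null | sort
}

# Return 0 when no sample pages are present, 1 when some are found,
# 2 when the argument is not a directory. Findings go to stderr.
audit_ckeditor_samples() {
    hits=$(find_ckeditor_samples "$1") || return 2
    if [ -n "$hits" ]; then
        echo "CKEditor sample pages present under $1:" >&2
        echo "$hits" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}
```

The non-zero exit status lets the check gate a deployment script or a scheduled job on the web server.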