Richard Gaunt

**Name of the Vulnerable Software and Affected Versions** Drupal CivicTheme Design System versions prior to 1.12.0 **Description** An incorrect authorization issue exists in the CivicTheme Design System that allows for forceful browsing. This occurs due to insufficient access controls, potentially allowing unauthorized access to resources. **Recommendations** Update to version 1.12.0 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal CivicTheme Design System versions prior to 1.12.0 **Description** A flaw exists in the CivicTheme Design System that allows for Cross-Site Scripting (XSS). This occurs due to improper neutralization of input during web page generation. The issue impacts the way user-supplied data is handled, potentially allowing attackers to inject malicious scripts into web pages viewed by other users. **Recommendations** Update to CivicTheme Design System version 1.12.0 or later.