2 matches found
CVE-2014-4303
CVE-2014-4303 affects the Drupal Touch theme (7.x-1.x) prior to 7.x-1.9. The vulnerability arises because the theme does not sufficiently sanitize input for Twitter and Facebook username settings, enabling cross-site scripting (XSS) by authenticated administrators with the Administer themes permi...
SA-CONTRIB-2014-059 - Touch Theme - Cross Site Scripting (XSS)
Touch Theme is a light weight theme with modern look and feel. The theme does not sufficiently sanitize theme settings input for Twitter and Facebook username. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer themes". CVE identifiers...