SA-CONTRIB-2009-099 - RootCandy Theme - Cross Site Scripting
RootCandy is a theme specifically designed for use in the administration section. The theme fails to sanitize a URL value, leading to a Cross Site Scripting XSS vulnerability. Versions affected RootCandy theme for Drupal 6.x prior to RootCandy 6.x-1.5 Drupal core is not affected. If you do not us...