EUVD-2014-4231

Malware in sbrugna...

CVE-2014-4303

Multiple cross-site scripting XSS vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web script or HTML via vectors related to the 1 Twitter and 2 Facebook username settings...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web script or HTML via vectors related to the 1 Twitter and 2 Facebook username settings...

CVE-2014-4303

Multiple cross-site scripting XSS vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web script or HTML via vectors related to the 1 Twitter and 2 Facebook username settings...

CVE-2014-4303

CVE-2014-4303 affects the Drupal Touch theme (7.x-1.x) prior to 7.x-1.9. The vulnerability arises because the theme does not sufficiently sanitize input for Twitter and Facebook username settings, enabling cross-site scripting (XSS) by authenticated administrators with the Administer themes permi...

SA-CONTRIB-2014-059 - Touch Theme - Cross Site Scripting (XSS)

Touch Theme is a light weight theme with modern look and feel. The theme does not sufficiently sanitize theme settings input for Twitter and Facebook username. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer themes". CVE identifiers...