CVE-2014-4303
CVE-2014-4303 affects the Drupal Touch theme (7.x-1.x) prior to 7.x-1.9. The vulnerability arises because the theme does not sufficiently sanitize input for Twitter and Facebook username settings, enabling cross-site scripting (XSS) by authenticated administrators with the Administer themes permi...