CVE-2014-8077
The CVE-2014-8077 entry concerns the NewsFlash theme for Drupal (versions 6.x-1.x prior to 6.x-1.7 and 7.x-1.x prior to 7.x-2.5). The underlying issue is insufficient sanitization of the font family CSS property in user-provided theme settings, enabling an XSS vector. Impact is limited to remote ...