Cross Site Scripting vulnerability in Touch Theme for Drupal

  • Cross Site Scripting vulnerability in Touch Theme for Drupal

    Severity Rating: Medium

    System Affected
    • Touch 7.x-1.x versions prior to 7.x-1.9.

    Overview

    A vulnerability has been reported in Touch theme for Drupal which could be exploited by a remote attacker to conduct Cross-Site Scripting (XSS) attacks on the targeted system.

    Description

    The vulnerability exists because the Touch theme for Drupal does not sufficiently sanitize theme settings input for the Twitter and Facebook usernames.
    A remote attacker could exploit this vulnerability to execute arbitrary HTML and script code in a user's browser session by inducing a user to view the malicious data in the context of the affected site.

    Successful exploitation of this vulnerability requires a role with the permission "administer theme".

    Solution

    Update to version 7.x-1.9.
    https://drupal.org/node/2269483

    Vendor Information
    Drupal
    https://drupal.org/node/2284415

    References
    Drupal
    https://drupal.org/node/2284415

    Secure List
    https://www.securelist.com/en/advisories/58828
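
The class of flaw described above, as an added example: this is not the Touch theme's code or the project's fix. It shows a stored settings value written into markup unescaped, next to validation on save and context-aware encoding on output. Function names, the allow-list pattern and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration only; all function names here are hypothetical.

// Vulnerable pattern: a stored theme setting is concatenated into markup as-is,
// so any markup characters in the setting become part of the page.
function render_twitter_link_unsafe($username) {
  return '<a href="https://twitter.com/' . $username . '">@' . $username . '</a>';
}

// Control 1: validate when the settings form is saved.
// Assumed allow-list: letters, digits, underscore and period, 1 to 50 characters.
function is_valid_social_username($username) {
  return preg_match('/^[A-Za-z0-9_.]{1,50}$/', $username) === 1;
}

// Control 2: encode on output for each context the value lands in.
// The value is first encoded as a URL path segment, then the whole attribute
// value and the link text are HTML-escaped. In Drupal 7, check_plain() performs
// the same htmlspecialchars(..., ENT_QUOTES, 'UTF-8') escaping.
function render_twitter_link_safe($username) {
  $href = 'https://twitter.com/' . rawurlencode($username);
  $href = htmlspecialchars($href, ENT_QUOTES, 'UTF-8');
  $text = htmlspecialchars('@' . $username, ENT_QUOTES, 'UTF-8');
  return '<a href="' . $href . '">' . $text . '</a>';
}

// Constructed sample settings values: one ordinary, one containing markup.
$samples = array('example_user', 'x"><b>injected</b>');

foreach ($samples as $value) {
  printf("input:  %s\n", $value);
  printf("valid:  %s\n", is_valid_social_username($value) ? 'yes' : 'no');
  printf("unsafe: %s\n", render_twitter_link_unsafe($value));
  printf("safe:   %s\n\n", render_twitter_link_safe($value));
}
```

Validation on save and encoding on output are complementary: values stored before validation was introduced are still rendered, so the output path has to escape regardless.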