CVE-2014-8077 Information

Description

Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the \administer themes\ permission to inject arbitrary web script or HTML via vectors related to font family CSS property.

Reference

http://secunia.com/advisories/54611 http://www.securityfocus.com/bid/65998 https://exchange.xforce.ibmcloud.com/vulnerabilities/91740 https://www.drupal.org/node/2210619 https://www.drupal.org/node/2210621 https://www.drupal.org/node/2211381