CVE-2014-8746 Information

Description

Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4 for Drupal allows remote authenticated users with the \administer themes\ permission to inject arbitrary web script or HTML via vectors related to theme settings.

Reference

http://secunia.com/advisories/57831 https://exchange.xforce.ibmcloud.com/vulnerabilities/92529 https://www.drupal.org/node/2236259 https://www.drupal.org/node/2236821