CVE-2012-4497

Name of the Vulnerable Software and Affected Versions Elegant Theme module versions prior to 7.x-1.1

Description The issue is related to a cross-site scripting (XSS) vulnerability in the "3 slide gallery" of the Elegant Theme module. This allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL.

Recommendations For Elegant Theme module versions prior to 7.x-1.1, update to version 7.x-1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "3 slide gallery" feature for users with the "administer themes" permission until the update is applied.