Vulnerable Systems:
*Devsaran Business Theme for Drupal 7.x-1.7
Business Theme for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input related to the 3 slide gallery before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.