Drupal Zen third party module version 7.x suffers from a cross site scripting vulnerability…. Drupal Zen third party module version 7.x suffers from a cross site scripting vulnerability.

Read more http://packetstormsecurity.com/files/122911/DRUPAL-SA-CONTRIB-2013-070.txt