ho hum
XSS vulnerabilities are commonly and frequently found in contributed module code. They are usually plugged with a module update without any exploits.
The Webform Report module was pulled from release for a very minor vulnerability, and has been fixed and reactivated. I kept 4 sites using the "vulnerable" version with no mishaps until the patched version came available.
Compared to the Twitter followers bug, this is a minor problem and will be corrected through routine maintenance and code upgrades.
Biting the hand that feeds IT
