2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.967 High
EPSS
Percentile
99.7%
SMS Framework module enables you to send and receive SMS messages from and into Drupal.
The module doesn’t sufficiently sanitize user supplied text in message previews, thereby exposing a reflected Cross Site Scripting vulnerability. An attacker could exploit this vulnerability by getting the victim to visit a specially-crafted URL.
This vulnerability is mitigated by the fact that the “Send to phone” submodule must be enabled.
Drupal core is not affected. If you do not use the contributed SMS Framework module, there is nothing you need to do.
Install the latest version:
Also see the SMS Framework project page.