Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the “Send to phone” submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews.
CPE | Name | Operator | Version |
---|---|---|---|
sms_framework | eq | 6.0.0-x2.0-alpha1 | |
sms_framework | eq | 6.120.10 | |
sms_framework | eq | 6.120.11 | |
sms_framework | eq | 6.0.0-x2-xdev |