EUVD-2015-4369

Malware in sbrugna...

CVE-2015-4346

Cross-site scripting XSS vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews...

Cross site scripting

Cross-site scripting XSS vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews...

CVE-2015-4346

Cross-site scripting XSS vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews...

CVE-2015-4346

The CVE-2015-4346 entry describes a Cross-site scripting (XSS) vulnerability in Drupal’s SMS Framework module (6.x-1.x) prior to 6.x-1.1 when the Send to phone submodule is enabled. The root cause is insufficient sanitization of user-supplied text in message previews, allowing remote attackers to...

SA-CONTRIB-2015-054 - SMS Framework - Cross Site Scripting (XSS)

SMS Framework module enables you to send and receive SMS messages from and into Drupal. The module doesn't sufficiently sanitize user supplied text in message previews, thereby exposing a reflected Cross Site Scripting vulnerability. An attacker could exploit this vulnerability by getting the...