Cross site scripting

Cross-site scripting XSS vulnerability in the TinyBox Simple Splash module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors...