CVE-2008-5996

Simplenews <6.x-1.0-beta4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.

References (4)

[Patch, Vendor Advisory] http://drupal.org/node/312944

[Vendor Advisory] http://secunia.com/advisories/32022

[Patch] http://www.securityfocus.com/bid/31377

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45407

Scores

EPSS 0.0013

EPSS Percentile 31.6%

Classification

CWE

CWE-79

Status published

Affected Products (15)

link3/simplenews < 5.x-1.4

link3/simplenews < 6.x-1.0

link3/simplenews

link3/simplenews

link3/simplenews

link3/simplenews

link3/simplenews

link3/simplenews

link3/simplenews

link3/simplenews

link3/simplenews

link3/simplenews

link3/simplenews

link3/simplenews

n/a/n/a

Timeline

Published Jan 28, 2009

Tracked Since Feb 18, 2026