CVE-2008-5996

Name of the Vulnerable Software and Affected Versions Simplenews module versions 5.x before 5.x-1.5 Simplenews module versions 6.x before 6.x-1.0-beta4

Description The issue allows remote authenticated users with "administer taxonomy" permissions to inject arbitrary web script or HTML via a Newsletter category field. This is a cross-site scripting (XSS) vulnerability.

Recommendations For Simplenews module versions 5.x before 5.x-1.5, update to version 5.x-1.5 or later. For Simplenews module versions 6.x before 6.x-1.0-beta4, update to version 6.x-1.0-beta4 or later.