CVE-2013-4447

Name of the Vulnerable Software and Affected Versions Simplenews module versions 6.x-1.x before 6.x-1.5 Simplenews module versions 7.x-1.x before 7.x-1.1

Description A cross-site scripting (XSS) issue exists in the API of the Simplenews module for Drupal, allowing remote attackers to inject arbitrary web script or HTML via an email address.

Recommendations For Simplenews module versions 6.x-1.x before 6.x-1.5, update to version 6.x-1.5 or later. For Simplenews module versions 7.x-1.x before 7.x-1.1, update to version 7.x-1.1 or later.