CVE-2015-4346

Name of the Vulnerable Software and Affected Versions Drupal SMS Framework module versions 6.x-1.x before 6.x-1.1

Description A cross-site scripting (XSS) issue exists in the SMS Framework module for Drupal. This occurs when the "Send to phone" submodule is enabled, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews.

Recommendations For Drupal SMS Framework module versions 6.x-1.x before 6.x-1.1, update to version 6.x-1.1 or later to resolve the issue. As a temporary workaround, consider disabling the "Send to phone" submodule until a patch is applied.