Vulnerabilities > Simple Subscription Project > Simple Subscription > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-06-15 | CVE-2015-4367 | Cross-site Scripting vulnerability in Simple Subscription Project Simple Subscription 6.X1.0/7.X1.0 Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content. | 3.5 |