CVE-2008-5996

https://notcve.org/view.php?id=CVE-2008-5996

28 Jan 2009 — Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Simplenews v5.x anterior a v5.x-1.5 y v6.x previo a v6.x-1.0-beta4, para Drupal, permite a usuarios autenticados remotamente con "adminis... • http://drupal.org/node/312944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •