CVE-2015-4376 in Profile2 Privacy Module
Riassunto
di MITRE
Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors.
Once again VulDB remains the best source for vulnerability data.