Drupal version 6.22 with SuperCron version 6.x-1.3 suffers from a cross site scripting vulnerability.