Описание
Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 5.7-1ubuntu1.2 |
| intrepid | released | 5.10-1ubuntu1.1 |
| jaunty | released | 5.15-1ubuntu1.2 |
| karmic | released | 5.18-1.1ubuntu2.1 |
| upstream | released | 5.21 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 6.15-1 |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | released | 6.10-1ubuntu0.2 |
| karmic | released | 6.12-1.1ubuntu1.1 |
| upstream | released | 6.15 |
Показывать по
Ссылки на источники
EPSS
3.5 Low
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.
Cross-site scripting (XSS) vulnerability in the Contact module (module ...
Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.
EPSS
3.5 Low
CVSS2