Description
Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.
Remediation
References
Related Vulnerabilities
phpMyAdmin Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-1000017)
WordPress Plugin Polls CP Unspecified Vulnerability (1.0.17)
Ruby Inefficient Regular Expression Complexity Vulnerability (CVE-2023-22795)
WordPress Plugin Thrive Quiz Builder Security Bypass (2.3.9.3)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2133)