CVE-2009-4369
EUVD-2009-433721.12.2009, 16:30
Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| drupal | drupal | 5.0 |
| drupal | drupal | 5.0:beta1 |
| drupal | drupal | 5.0:beta2 |
| drupal | drupal | 5.0:rc1 |
| drupal | drupal | 5.0:rc2 |
| drupal | drupal | 5.1 |
| drupal | drupal | 5.2 |
| drupal | drupal | 5.4 |
| drupal | drupal | 5.5 |
| drupal | drupal | 5.6 |
| drupal | drupal | 5.7 |
| drupal | drupal | 5.8 |
| drupal | drupal | 5.9 |
| drupal | drupal | 5.10 |
| drupal | drupal | 5.11 |
| drupal | drupal | 5.12 |
| drupal | drupal | 5.13 |
| drupal | drupal | 5.14 |
| drupal | drupal | 5.15 |
| drupal | drupal | 5.16 |
| drupal | drupal | 5.17 |
| drupal | drupal | 5.18 |
| drupal | drupal | 5.19 |
| drupal | drupal | 5.20 |
| drupal | drupal | 5.x:x |
| drupal | drupal | 6.0 |
| drupal | drupal | 6.0:beta1 |
| drupal | drupal | 6.0:beta2 |
| drupal | drupal | 6.0:beta3 |
| drupal | drupal | 6.0:beta4 |
| drupal | drupal | 6.0:rc-1 |
| drupal | drupal | 6.0:rc-2 |
| drupal | drupal | 6.0:rc-3 |
| drupal | drupal | 6.0:rc-4 |
| drupal | drupal | 6.1 |
| drupal | drupal | 6.2 |
| drupal | drupal | 6.3 |
| drupal | drupal | 6.4 |
| drupal | drupal | 6.5 |
| drupal | drupal | 6.6 |
| drupal | drupal | 6.7 |
| drupal | drupal | 6.8 |
| drupal | drupal | 6.9 |
| drupal | drupal | 6.10 |
| drupal | drupal | 6.11 |
| drupal | drupal | 6.12 |
| drupal | drupal | 6.13 |
| drupal | drupal | 6.14 |
𝑥
= Vulnerable software versions
Ubuntu Releases
References