SA-CORE-2009-009 – Drupal Core – Cross site scripting
Advisory ID: DRUPAL-SA-CORE-2009-009 Project: Drupal core Version: 5.x, 6.x Date: 2009-December-16 Security risk: Not critical Exploitable from: Remote Vulnerability: Cross site scripting Description Multiple vulnerabilities were discovered in Drupal. Contact category name cross-site scripting The Contact module does not correctly handle certain user input when displaying category information. Users privileged to create contact categories can insert arbitrary HTML and script …