Launchpad.net

CVE 2009-4369

Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.

Related bugs and status

CVE-2009-4369 (Candidate) is related to these bugs:

Bug #510421: Drupal 6.15 - Security patches released

		In	Importance	Status
510421	Drupal 6.15 - Security patches released	drupal6 (Ubuntu)	Low	Fix Released
510421	Drupal 6.15 - Security patches released	drupal6 (Ubuntu Jaunty)	Undecided	Fix Released
510421	Drupal 6.15 - Security patches released	drupal6 (Ubuntu Karmic)	Undecided	Fix Released
510421	Drupal 6.15 - Security patches released	drupal6 (Ubuntu Lucid)	Low	Fix Released
510421	Drupal 6.15 - Security patches released	drupal5 (Ubuntu)	Undecided	Invalid
510421	Drupal 6.15 - Security patches released	drupal5 (Ubuntu Jaunty)	Undecided	Fix Released
510421	Drupal 6.15 - Security patches released	drupal5 (Ubuntu Karmic)	Undecided	Fix Released
510421	Drupal 6.15 - Security patches released	drupal5 (Ubuntu Lucid)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-4369

Related bugs and status

Related bugs

References