CVE-2012-2071

Name of the Vulnerable Software and Affected Versions Drupal Contact Forms module versions 6.x-1.x before 6.x-1.13

Description A cross-site scripting (XSS) issue exists in the Contact Forms module for Drupal, allowing remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML. This occurs when the core contact form is enabled.

Recommendations For versions 6.x-1.x before 6.x-1.13, update to version 6.x-1.13 or later to resolve the issue. As a temporary workaround, consider restricting the administer site-wide contact form permission to minimize the risk of exploitation.