Geoff Davies » Contact Forms : Security Vulnerabilities, CVEs, CVSS score >= 2
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors.
Max CVSS
3.5
EPSS Score
0.22%
Published
2012-05-21
Updated
2012-06-28
Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.11%
Published
2012-08-14
Updated
2017-08-29
2 vulnerabilities found