SA-CONTRIB-2012-048 - Contact Save - Cross Site Scripting
CVE: CVE-2012-2075 This module stores in the database all messages submitted through the core contact forms, and provides a way to respond to these messages through the website. The module doesn't sufficiently filter user supplied text, leading to a cross-site scripting XSS vulnerability. This...