Unrated severityNVD Advisory· Published Aug 14, 2012· Updated Jun 16, 2026
CVE-2012-2071
CVE-2012-2071
Description
Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:geoff_davies:contact_forms:6.x-1.1:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.10:*:*:*:*:*:*:*
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.11:*:*:*:*:*:*:*
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.12:*:*:*:*:*:*:*
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.4:*:*:*:*:*:*:*
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.5:*:*:*:*:*:*:*
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.6:*:*:*:*:*:*:*
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.7:*:*:*:*:*:*:*
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.8:*:*:*:*:*:*:*
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.9:*:*:*:*:*:*:*
- cpe:2.3:a:geoff_davies:contact_forms:6.x-1.x:dev:*:*:*:*:*:*
- Range: >=6.x-1.0, <=6.x-1.12
Patches
Vulnerability mechanics
References
7- drupal.org/node/1506330nvdPatch
- drupal.org/node/1506404nvdPatchVendor Advisory
- secunia.com/advisories/48583nvdVendor Advisory
- osvdb.org/80674nvd
- www.openwall.com/lists/oss-security/2012/04/07/1nvd
- www.securityfocus.com/bid/52801nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/74467nvd
News mentions
0No linked articles in our index yet.