An attacker is able to inject javascript while using the contact form.
The problem is fixed in 1.7.6.8
Cross-site Scripting (XSS) - Stored (CWE-79)
Impact
An attacker is able to inject javascript while using the contact form.
Patches
The problem is fixed in 1.7.6.8
References
Cross-site Scripting (XSS) - Stored (CWE-79)