An attacker is able to inject javascript while using the contact form.
The problem is fixed in v4.3.0
Cross-site Scripting (XSS) - Stored (CWE-79)
Impact
An attacker is able to inject javascript while using the contact form.
Patches
The problem is fixed in v4.3.0
References
Cross-site Scripting (XSS) - Stored (CWE-79)