Index: modules/contact/contact.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.admin.inc,v
retrieving revision 1.3
diff -u -p -r1.3 contact.admin.inc
--- modules/contact/contact.admin.inc	9 Nov 2007 07:55:13 -0000	1.3
+++ modules/contact/contact.admin.inc	16 Dec 2009 20:09:37 -0000
@@ -13,7 +13,7 @@ function contact_admin_categories() {
   $result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category');
   $rows = array();
   while ($category = db_fetch_object($result)) {
-    $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
+    $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
   }
   $header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2));
 
Index: modules/menu/menu.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/menu/menu.admin.inc,v
retrieving revision 1.26.2.4
diff -u -p -r1.26.2.4 menu.admin.inc
--- modules/menu/menu.admin.inc	25 Feb 2009 13:15:40 -0000	1.26.2.4
+++ modules/menu/menu.admin.inc	16 Dec 2009 20:09:37 -0000
@@ -15,6 +15,7 @@ function menu_overview_page() {
   while ($menu = db_fetch_array($result)) {
     $menu['href'] = 'admin/build/menu-customize/'. $menu['menu_name'];
     $menu['localized_options'] = array();
+    $menu['description'] = filter_xss_admin($menu['description']);
     $content[] = $menu;
   }
   return theme('admin_block_content', $content);