CVE-2015-1051

Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter...

CVE-2015-1051

Summary: CVE-2015-1051 is an Open Redirect vulnerability in the Drupal Context module’s Context UI (Context module, 7.x-3.x) allowing redirection to arbitrary sites via the destination parameter. The affected line is before 7.x-3.6 for Drupal. What’s affected: Drupal’s Context module Context UI c...

SA-CONTRIB-2015-004 - Context - Open Redirect

Context allows you to manage contextual conditions and reactions for different portions of your site. Context UI module wasn't checking for external URLs in the HTTP GET destination parameter when redirecting users that are activating/deactivating the Context UI inline editor dialog, thereby...

CVE-2014-8376

Cross-site scripting XSS vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context...

SA-CONTRIB-2014-081 - Site Banner - Cross Site Scripting (XSS)

The Site Banner module enables you to display a banner at the top and bottom of a Drupal site. This module incorrectly prints existing context settings without proper sanitization, opening a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must...