Lucene search
K
Steven JonesContext

4 matches found

CVE
CVE
added 2013/01/03 1:0 a.m.60 views

CVE-2012-5655

The CVE-2012-5655 vulnerability affects the Drupal Context module (6.x-3.x prior to 6.x-3.1 and 7.x-3.x prior to 7.x-3.0-beta6). The issue, as described in the initial document, is that access to block content is not properly restricted, enabling remote attackers to obtain sensitive information v...

5CVSS5.9AI score0.01663EPSS
CVE
CVE
added 2013/12/07 8:0 p.m.60 views

CVE-2013-4445

The CVE affects Drupal Context module: 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0. The issue is that the module uses Drupal’s token scheme to restrict access to the json rendering of a block, and this token-based control is not designed for intra-session protection. This allows remote auth...

4.9CVSS6AI score0.01569EPSS
CVE
CVE
added 2013/12/07 8:0 p.m.49 views

CVE-2013-4446

CVE-2013-4446 affects Drupal Context module (drupal6-context 6.x-2.x before 6.x-3.2; 7.x-3.x before 7.x-3.0). The vulnerability arises when PHP lacks a json_decode function or json library, allowing remote attackers to execute arbitrary PHP code via Ajax-related vectors (possibly involving eval)....

6.8CVSS7.8AI score0.0153EPSS
CVE
CVE
added 2010/05/18 3:29 p.m.43 views

CVE-2010-1584

The CVE-2010-1584 entry affects the Drupal Context module prior to 6.x-2.0-rc4. It describes a Cross-site scripting (XSS) vulnerability where remote authenticated users with Administer Blocks privileges can inject arbitrary script or HTML via a block description. The root cause is inadequate sani...

2.1CVSS5.4AI score0.01243EPSS
Web