4 matches found
CVE-2012-5655
The CVE-2012-5655 vulnerability affects the Drupal Context module (6.x-3.x prior to 6.x-3.1 and 7.x-3.x prior to 7.x-3.0-beta6). The issue, as described in the initial document, is that access to block content is not properly restricted, enabling remote attackers to obtain sensitive information v...
CVE-2013-4445
The CVE affects Drupal Context module: 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0. The issue is that the module uses Drupal’s token scheme to restrict access to the json rendering of a block, and this token-based control is not designed for intra-session protection. This allows remote auth...
CVE-2013-4446
CVE-2013-4446 affects Drupal Context module (drupal6-context 6.x-2.x before 6.x-3.2; 7.x-3.x before 7.x-3.0). The vulnerability arises when PHP lacks a json_decode function or json library, allowing remote attackers to execute arbitrary PHP code via Ajax-related vectors (possibly involving eval)....
CVE-2010-1584
The CVE-2010-1584 entry affects the Drupal Context module prior to 6.x-2.0-rc4. It describes a Cross-site scripting (XSS) vulnerability where remote authenticated users with Administer Blocks privileges can inject arbitrary script or HTML via a block description. The root cause is inadequate sani...