icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Drupal Context module < 6.x-2.0-rc4 HTML Injection

Medium

Synopsis

The remote host is vulnerable to an HTML Injection attack

Description

the remote host is running an older version of the Drupal Context module. Context is a module used to manage contextual conditions for different portions of the Drupal web site. The reported version is reported vulnerable to an HTML injection flaw wherein a remote attacker, with certain administrative rights, can insert HTML script code that would be executed within the browser of clients.

Solution

Upgrade to Context version 6.x-2.0-rc4 or later