Drupal Context module < 6.x-2.0-rc4 HTML Injection
Medium Nessus Network Monitor Plugin ID 5532
SynopsisThe remote host is vulnerable to an HTML Injection attack
Descriptionthe remote host is running an older version of the Drupal Context module. Context is a module used to manage contextual conditions for different portions of the Drupal web site. The reported version is reported vulnerable to an HTML injection flaw wherein a remote attacker, with certain administrative rights, can insert HTML script code that would be executed within the browser of clients.
SolutionUpgrade to Context version 6.x-2.0-rc4 or later