This module enables you to manage contextual conditions and reactions for different portions of your site.
The module doesn't sufficiently sanitize user output when displayed leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have the ability to store malicious markup in the site (e.g. permission to create a node with a field that accepts "filtered html").
Install the latest version:
- If you use the context module for Drupal 7.x, upgrade to context 7.x-3.10
Also see the Context project page.
- Ivo Van Geertruyen of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team
- Cash Williams of the Drupal Security Team