Full Disclosure: Re: Drupal Context Module XSS

Re: Drupal Context Module XSS

From: Andrew Farmer <andfarm () gmail com>
Date: Mon, 10 May 2010 22:33:22 -0700

On 10 May 2010, at 06:08, Justin C. Klein Keane wrote:

Drupal security responds that they do not coordinate security fixes for
modules in release candidate designation.  Vulnerability was reported to
the module maintainer via the public issue queue at the direction of
Drupal security.


Also, isn't it pretty well established by this point that Drupal generally doesn't consider XSS to be a vulnerability 
if you need an admin account to trigger it?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Drupal Context Module XSS Justin C. Klein Keane (May 10)
- Re: Drupal Context Module XSS Andrew Farmer (May 11)
  - Re: Drupal Context Module XSS Justin C. Klein Keane (May 11)
- <Possible follow-ups>
- Re: Drupal Context Module XSS Justin C. Klein Keane (May 11)