mailing list archives
Re: Drupal Context Module XSS
From: Andrew Farmer <andfarm () gmail com>
Date: Mon, 10 May 2010 22:33:22 -0700
On 10 May 2010, at 06:08, Justin C. Klein Keane wrote:
Drupal security responds that they do not coordinate security fixes for
modules in release candidate designation. Vulnerability was reported to
the module maintainer via the public issue queue at the direction of
Also, isn't it pretty well established by this point that Drupal generally doesn't consider XSS to be a vulnerability
if you need an admin account to trigger it?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/