Context Module 6.x-2.0-beta6 for Drupal

CPE Details

Context Module 6.x-2.0-beta6 for Drupal
steven_jones
context
6.x-2.0
2010-05-19
17h14 +00:00
2013-01-04
19h29 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:steven_jones:context:6.x-2.0:beta6:*:*:*:*:*:*

Informations

Vendor

steven_jones

Product

context

Version

6.x-2.0

Update

beta6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2013-4445 2013-12-07 19h00 +00:00 The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access.
4.9
CVE-2013-4446 2013-12-07 19h00 +00:00 The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection.
6.8
CVE-2010-1584 2010-05-18 13h29 +00:00 Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description.
2.1