Project: ContextVersion: 7.x-3.107.x-3.97.x-3.87.x-3.77.x-3.67.x-3.57.x-3.47.x-3.37.x-3.27.x-3.17.x-3.07.x-3.0-rc17.x-3.0-beta77.x-3.0-beta67.x-3.0-beta57.x-3.0-beta47.x-3.0-beta37.x-3.0-beta27.x-3.0-beta17.x-3.0-alpha37.x-3.0-alpha27.x-3.0-alpha1Date: 2022-July-27Security risk: Moderately critical 12∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: This module enables you to conditionally display blocks in particular theme regions.
The module doesn’t sufficiently sanitize the title of a block as displayed in the admin UI when a site administrator edits a context block reaction.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “administer blocks”.Solution: Install the latest version:

If you use the Context module for Drupal 7.x, upgrade to Context 7.x-3.11.
Reported By: 
Harold Aling
Fixed By: 
Harold Aling
Bostjan Kovac
Nedjo Rogers
Coordinated By: 
Damien McKenna of the Drupal Security Team
Greg Knaddison of the Drupal Security Team
Michael Hess of the Drupal Security Team

Link to original post from Teknoids News

Read the original story