[Full-disclosure] Drupal Context Module XSS
andfarm at gmail.com
Tue May 11 06:33:22 BST 2010
On 10 May 2010, at 06:08, Justin C. Klein Keane wrote:
> Drupal security responds that they do not coordinate security fixes for
> modules in release candidate designation. Vulnerability was reported to
> the module maintainer via the public issue queue at the direction of
> Drupal security.
Also, isn't it pretty well established by this point that Drupal generally doesn't consider XSS to be a vulnerability if you need an admin account to trigger it?
Full-Disclosure is hosted and sponsored by Secunia.