[Full-disclosure] Drupal Context Module XSS

[Andrew Farmer]

On 10 May 2010, at 06:08, Justin C. Klein Keane wrote:
> Drupal security responds that they do not coordinate security fixes for
> modules in release candidate designation.  Vulnerability was reported to
> the module maintainer via the public issue queue at the direction of
> Drupal security.

Also, isn't it pretty well established by this point that Drupal generally doesn't consider XSS to be a vulnerability if you need an admin account to trigger it?