Skip to main content

Context

4 CVEs product

Monthly

CVE-2015-1051 MEDIUM PATCH This Month

Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Context Fedora
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2013-4446 MEDIUM PATCH This Month

The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP Code Injection RCE Context
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-4445 MEDIUM PATCH This Month

The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Context
NVD
CVSS 2.0
4.9
EPSS
0.6%
CVE-2012-5655 MEDIUM POC PATCH This Month

The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Context
NVD
CVSS 2.0
5.0
EPSS
0.6%
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Context Fedora
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP Code Injection RCE +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Context
NVD
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Context
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy