Context - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-049
Project: Context
Version: 7.x-3.x
Date: 2022-July-27
Security risk: Moderately critical 12∕25
Vulnerability: Cross Site Scripting
Description
This module enables you to conditionally display blocks in particular theme regions.
The module doesn't sufficiently sanitize the title of a block as displayed in the admin UI when a site administrator edits a context block reaction.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks".
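The class of bug described above, as an added illustration that is not code from the Context module: a block title written into admin markup as-is, next to the same listing with the title encoded at output. `check_plain()` is Drupal 7's plain-text encoder, and the fallback definition is there so the file also runs under plain PHP. The `example_*` function names and the sample titles are hypothetical and constructed for this example.

```php
<?php
// Fallback mirroring Drupal 7's check_plain(), used only outside a Drupal bootstrap.
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
  }
}

// Hypothetical admin listing, unsafe form: the title is concatenated into
// markup unchanged, so any HTML stored in it is interpreted by the browser.
function example_block_list_unsafe(array $blocks) {
  $items = '';
  foreach ($blocks as $block) {
    $items .= '<li>' . $block['title'] . '</li>';
  }
  return '<ul>' . $items . '</ul>';
}

// Hardened form: the title is treated as plain text and encoded where it is output.
function example_block_list_safe(array $blocks) {
  $items = '';
  foreach ($blocks as $block) {
    $items .= '<li>' . check_plain($block['title']) . '</li>';
  }
  return '<ul>' . $items . '</ul>';
}

// Review aid: return the stored titles that contain markup, so an
// administrator can inspect them after updating the module.
function example_titles_with_markup(array $blocks) {
  $flagged = array();
  foreach ($blocks as $block) {
    if (strip_tags($block['title']) !== $block['title']) {
      $flagged[] = $block['title'];
    }
  }
  return $flagged;
}

// Constructed sample data: the second title carries markup.
$blocks = array(
  array('title' => 'Recent comments'),
  array('title' => 'Promo <b title="x">banner</b>'),
);

echo example_block_list_unsafe($blocks), "\n"; // <b> reaches the page as an element
echo example_block_list_safe($blocks), "\n";   // <b> is shown as literal text
print_r(example_titles_with_markup($blocks));  // lists only the second title
```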