CVE-2014-7869

Name of the Vulnerable Software and Affected Versions Context Form Alteration module versions 7.x-1.x before 7.x-1.2

Description A cross-site scripting (XSS) issue exists in the configuration UI of the Context Form Alteration module for Drupal, allowing remote authenticated users with the "administer contexts" permission to inject arbitrary web script or HTML.

Recommendations For Context Form Alteration module versions 7.x-1.x before 7.x-1.2, update to version 7.x-1.2 or later to resolve the issue.