Justin Klein Keane

**Name of the Vulnerable Software and Affected Versions** Drupal Context module versions prior to 6.x-2.0-rc4 **Description** A cross-site scripting (XSS) issue exists, allowing remote authenticated users with Administer Blocks privileges to inject arbitrary web script or HTML via a block description. **Recommendations** For versions prior to 6.x-2.0-rc4, update to version 6.x-2.0-rc4 or later to resolve the issue. As a temporary workaround, consider restricting access to block descriptions for users with Administer Blocks privileges until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Taxonomy manager versions 5.x before 5.x-1.2 **Description** A cross-site scripting (XSS) issue exists in the term data detail page of the Taxonomy manager module for Drupal. This allows remote authenticated users with specific privileges to inject arbitrary web script or HTML via the "Parent and related terms" field. **Recommendations** For Taxonomy manager versions 5.x before 5.x-1.2, update to version 5.x-1.2 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Drupal Answers module versions 5.x-1.x-dev and possibly other 5.x versions Description: A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question. Recommendations: For versions 5.x-1.x-dev and other affected 5.x versions, update to a version that includes a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Greg Holsclaw Link to Us module versions 5.x before 5.x-1.1 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote authenticated users to inject arbitrary web script or HTML via the `Link page header` field. **Recommendations** For versions prior to 5.x-1.1, update to version 5.x-1.1 or later to resolve the issue.