Severity: Critical
CVSS Score: 10
The Contextual Links module doesn't sufficiently validate the requested contextual links. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links".