CVE-2012-1657
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.
| Software | From | Fixed in |
|---|---|---|
| fourkitchens / block_class | 5.x-1.0-rc | 5.x-1.0-rc.x |
| fourkitchens / block_class | 5.x-1.0 | 5.x-1.0.x |
| fourkitchens / block_class | 5.x-1.1 | 5.x-1.1.x |
| fourkitchens / block_class | 5.x-1.x-dev | 5.x-1.x-dev.x |
| fourkitchens / block_class | 6.x-1.0 | 6.x-1.0.x |
| fourkitchens / block_class | 6.x-1.1 | 6.x-1.1.x |
| fourkitchens / block_class | 6.x-1.2 | 6.x-1.2.x |
| fourkitchens / block_class | 6.x-1.3 | 6.x-1.3.x |
| fourkitchens / block_class | 6.x-1.4 | 6.x-1.4.x |
| fourkitchens / block_class | 6.x-1.4-beta1 | 6.x-1.4-beta1.x |
| fourkitchens / block_class | 6.x-1.x-dev | 6.x-1.x-dev.x |
| fourkitchens / block_class | 6.x-2.x-dev | 6.x-2.x-dev.x |
| fourkitchens / block_class | 7.x-1.0 | 7.x-1.0.x |
| fourkitchens / block_class | 7.x-1.x-dev | 7.x-1.x-dev.x |
- http://drupal.org/node/1471090
- http://drupal.org/node/1471808
- http://drupalcode.org/project/block_class.git/commit/9a5205d
- http://secunia.com/advisories/48298
- http://www.openwall.com/lists/oss-security/2012/04/07/1
- http://www.osvdb.org/79851
- http://www.securityfocus.com/bid/52341
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73776
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime