Cross site scripting

2012-11-0110:44:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the “administer hotblocks” permission to inject arbitrary web script or HTML via the “block names.”

CPENameOperatorVersion
hotblockseq6.120.15
hotblockseq6.120.16
hotblockseq6.120.17
hotblockseq6.x-1.x dev

Name	Operator	Version
hotblocks	eq	6.120.15
hotblocks	eq	6.120.16
hotblocks	eq	6.120.17
hotblocks	eq	6.x-1.x dev

References

www.madirish.net/543

www.openwall.com/lists/oss-security/2012/10/04/6

www.openwall.com/lists/oss-security/2012/10/07/1

drupal.org/node/1732828

drupal.org/node/1732946