Drupal Block Class module cross-site scripting vulnerability (CNVD-2016-02374)

Drupal is the Drupal community maintained by a set of free, open source content management system developed in PHP. Block Class is one of the administrator through the Block configuration interface to add CSS to any Block module . Drupal Block Class module 7.x-2.2 before the 7.x-2.x version of a...

CVE-2016-3144

Cross-site scripting XSS vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name...