4 matches found
CVE-2016-3144
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name...
CVE-2016-3144
CVE-2016-3144 affects the Drupal Block Class module (7.x-2.x), allowing remote XSS via a crafted class name when an attacker has the "Administer block classes" permission. Root cause: improper handling of class names in 7.x-2.x prior to 7.x-2.2, enabling injection of script/HTML. Impact: cross-site scriptin...
CVE-2016-3144
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name...
Block Class - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-175
This module enables you to add custom classes to blocks. The module doesn't sufficiently scrub class names written by a malicious block class administrator. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer block classes". CVE identifier...