2 matches found
CVE-2016-3144
CVE-2016-3144 affects the Drupal Block Class module (7.x-2.x) with remote XSS via a crafted class name when an attacker has Administer block classes permission. Root cause: improper handling of class names in 7.x-2.x prior to 7.x-2.2, enabling injection of script/HTML. Impact: cross-site scriptin...
CVE-2012-1657
The CVE-2012-1657 issue affects the Drupal Block Class module (Block Class) for Drupal 7.x prior to 7.x-1.1. The root cause is improper filtering of class names in the block configuration, enabling remote authenticated users with certain permissions to inject arbitrary web script or HTML via the ...