PRIOn knowledge basePRION:CVE-2012-1657

HistorySep 18, 2012 - 8:55 p.m.

Cross site scripting

2012-09-1820:55:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.3%

JSON

Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.

CPENameOperatorVersion
block_classeq5.x-1.0 rc
block_classeq5.120.10
block_classeq5.120.11
block_classeq5.x-1.x dev
block_classeq6.120.10
block_classeq6.120.11
block_classeq6.120.12
block_classeq6.120.13
block_classeq6.120.14
block_classeq6.x-1.4 beta1

Name	Operator	Version
block_class	eq	5.x-1.0 rc
block_class	eq	5.120.10
block_class	eq	5.120.11
block_class	eq	5.x-1.x dev
block_class	eq	6.120.10
block_class	eq	6.120.11
block_class	eq	6.120.12
block_class	eq	6.120.13
block_class	eq	6.120.14
block_class	eq	6.x-1.4 beta1

Rows per page:

1-10 of 141

References

drupalcode.org/project/block_class.git/commit/9a5205d

secunia.com/advisories/48298

www.openwall.com/lists/oss-security/2012/04/07/1

www.osvdb.org/79851

www.securityfocus.com/bid/52341

drupal.org/node/1471090

drupal.org/node/1471808

exchange.xforce.ibmcloud.com/vulnerabilities/73776