CVSS: 2.1EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1657
https://notcve.org/view.php?id=CVE-2012-1657
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en block_class.module en el módulo Block Class antes de v7.x-1.1 para Drupal, permite a usuarios autenticados remotamente, con algunos permisos, inyectar secuencias de comandos web o HTML a través del nombre de clase. • http://drupal.org/node/1471090 http://drupal.org/node/1471808 http://drupalcode.org/project/block_class.git/commit/9a5205d http://secunia.com/advisories/48298 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79851 http://www.securityfocus.com/bid/52341 https://exchange.xforce.ibmcloud.com/vulnerabilities/73776 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •