Bug 1327669 (CVE-2016-3144) - CVE-2016-3144 drupal7-block_class: cross site scripting
Summary: CVE-2016-3144 drupal7-block_class: cross site scripting
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-3144
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1327671 1327672 1327673
Blocks:
Reported: 2016-04-15 15:22 UTC by Andrej Nemec
Modified: 2019-09-29 13:47 UTC

Fixed In Version: drupal7-block_class 2.2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-11 07:12:32 UTC


Description Andrej Nemec 2016-04-15 15:22:55 UTC
Cross-site scripting (XSS) vulnerability in the Block Class module
7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users
with the "Administer block classes" permission to inject arbitrary web
script or HTML via a class name.

External references:

https://www.drupal.org/node/2636502

Comment 1 Andrej Nemec 2016-04-15 15:24:24 UTC
Created drupal7-block_class tracking bugs for this issue:

Affects: fedora-all [bug 1327671]
Affects: epel-6 [bug 1327672]
Affects: epel-7 [bug 1327673]

Comment 2 Fedora Update System 2016-04-17 23:42:37 UTC
drupal7-block_class-2.3-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 3 Fedora Update System 2016-04-22 01:22:46 UTC
drupal7-block_class-2.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2016-04-22 01:49:09 UTC
drupal7-block_class-2.3-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2016-04-28 20:40:11 UTC
drupal7-block_class-2.3-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2016-04-28 21:02:32 UTC
drupal7-block_class-2.3-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Shawn Iwinski 2016-07-09 18:36:20 UTC
All dependent bugs have been closed.  May this tracking bug be closed as well?

Comment 8 Andrej Nemec 2016-07-11 07:12:32 UTC
(In reply to Shawn Iwinski from comment #7)
> All dependent bugs have been closed.  May this tracking bug be closed as
> well?

Yes, closing this now.
