1327669 – (CVE-2016-3144) CVE-2016-3144 drupal7-block_class: cross site scripting

Bug 1327669 (CVE-2016-3144) - CVE-2016-3144 drupal7-block_class: cross site scripting

Summary: CVE-2016-3144 drupal7-block_class: cross site scripting

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2016-3144
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1327671 1327672 1327673
Blocks:
TreeView+	depends on / blocked

Reported:	2016-04-15 15:22 UTC by Andrej Nemec
Modified:	2021-02-17 04:02 UTC (History)
CC List:	4 users (show)
Fixed In Version:	drupal7-block_class 2.2
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-07-11 07:12:32 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2016-04-15 15:22:55 UTC

Cross-site scripting (XSS) vulnerability in the Block Class module
7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users
with the "Administer block classes" permission to inject arbitrary web
script or HTML via a class name.

External references:

https://www.drupal.org/node/2636502

Comment 1 Andrej Nemec 2016-04-15 15:24:24 UTC

Created drupal7-block_class tracking bugs for this issue:

Affects: fedora-all [bug 1327671]
Affects: epel-6 [bug 1327672]
Affects: epel-7 [bug 1327673]

Comment 2 Fedora Update System 2016-04-17 23:42:37 UTC

drupal7-block_class-2.3-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 3 Fedora Update System 2016-04-22 01:22:46 UTC

drupal7-block_class-2.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2016-04-22 01:49:09 UTC

drupal7-block_class-2.3-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2016-04-28 20:40:11 UTC

drupal7-block_class-2.3-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2016-04-28 21:02:32 UTC

drupal7-block_class-2.3-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Shawn Iwinski 2016-07-09 18:36:20 UTC

All dependent bugs have been closed.  May this tracking bug be closed as well?

Comment 8 Andrej Nemec 2016-07-11 07:12:32 UTC

(In reply to Shawn Iwinski from comment #7)
> All dependent bugs have been closed.  May this tracking bug be closed as
> well?

Yes, closing this now.

Note You need to log in before you can comment on or make changes to this bug.