Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name. External references: https://www.drupal.org/node/2636502
Created drupal7-block_class tracking bugs for this issue: Affects: fedora-all [bug 1327671] Affects: epel-6 [bug 1327672] Affects: epel-7 [bug 1327673]
drupal7-block_class-2.3-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
drupal7-block_class-2.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
drupal7-block_class-2.3-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
drupal7-block_class-2.3-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
drupal7-block_class-2.3-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
All dependent bugs have been closed. May this tracking bug be closed as well?
(In reply to Shawn Iwinski from comment #7) > All dependent bugs have been closed. May this tracking bug be closed as > well? Yes, closing this now.