VIR Vulnerability Intelligence Relay

CVE-2012-1657

low
Published 2012-09-18 · Modified 2026-04-29
CVSS v3
CVSS v2
2.1
VIR risk
2.1

Description

Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.securityfocus.com/bid/52341

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/48298

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1471808

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1471090

Application impact
VendorProductVersionsFixed
fourkitchensblock_class5.x-1.0
fourkitchensblock_class5.x-1.1
fourkitchensblock_class5.x-1.x
fourkitchensblock_class6.x-1.0
fourkitchensblock_class6.x-1.1
fourkitchensblock_class6.x-1.2
fourkitchensblock_class6.x-1.3
fourkitchensblock_class6.x-1.4
fourkitchensblock_class6.x-1.x
fourkitchensblock_class6.x-2.x
fourkitchensblock_class7.x-1.0
fourkitchensblock_class7.x-1.x
drupal drupaldrupal-

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.