Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fourkitchens | recent_comments | 5.x-1.0 |
| fourkitchens | recent_comments | 6.x-1.0 |
| fourkitchens | recent_comments | 5.x-1.1 |
| fourkitchens | recent_comments | 5.x-1.2 |
| fourkitchens | recent_comments | 6.x-1.1 |
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| fourkitchens | block_class | 7.x-2.0 |
| fourkitchens | block_class | 7.x-2.1 |