Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Four Kitchens |
|
No data.
References
| Link | Providers |
|---|---|
| https://www.drupal.org/sa-contrib-2025-043 |
|
History
Tue, 17 Jun 2025 01:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Four Kitchens
Four Kitchens block Class |
|
| CPEs | cpe:2.3:a:four_kitchens:block_class:*:*:*:*:*:drupal:*:* | |
| Vendors & Products |
Four Kitchens
Four Kitchens block Class |
Wed, 23 Apr 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Wed, 23 Apr 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1. | |
| Title | Block Class - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-043 | |
| Weaknesses | CWE-79 | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: drupal
Published: 2025-04-23T17:08:08.048Z
Updated: 2025-04-23T18:45:16.583Z
Reserved: 2025-04-23T16:27:31.264Z
Link: CVE-2025-3902
Vulnrichment
Updated: 2025-04-23T18:45:07.437Z
NVD
Status : Analyzed
Published: 2025-04-23T17:16:55.983
Modified: 2025-06-17T00:54:14.607
Link: CVE-2025-3902
Redhat
No data.