CVE-2012-5705

Name of the Vulnerable Software and Affected Versions Drupal Hotblocks module versions 6.x-1.x before 6.x-1.8

Description A cross-site scripting (XSS) issue exists in the settings page of the Hotblocks module for Drupal, specifically at the 'admin/settings/hotblocks' endpoint. This allows remote authenticated users with the administer hotblocks permission to inject arbitrary web script or HTML via the block names variable.

Recommendations For versions prior to 6.x-1.8, update to version 6.x-1.8 or later to resolve the issue.