CVE-2012-0914

https://notcve.org/view.php?id=CVE-2012-0914

Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title. Vulnerbilidad de ejecución de secuencias de comandos web en sitios cruzados (XSS) en display_renderers/panels_renderer_editor.class.php en la vista de administración en el módulo Panels v6.x-2.x anterior a v6.x-3.10 y v7.x-3.x anterior v7.x-3.0 para Drupal permite a usuarios autenticados de forma remota con ciertos privilegios inyectar código web script de su elección o HTML a través del 'title' Region. • http://drupal.org/node/1409436 http://drupal.org/node/1409446 http://drupal.org/node/1409448 http://drupalcode.org/project/panels.git/commit/2066d59 http://drupalcode.org/project/panels.git/commit/d844942 http://osvdb.org/78367 http://secunia.com/advisories/47649 http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability http://www.securityfocus.com/bid/51568 https://exchange.xforce.ibmcloud.com/vulnerabilities/72549 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •