CVE-2012-0914

Name of the Vulnerable Software and Affected Versions Panels module versions 6.x-2.x through 6.x-3.9 Panels module versions 7.x-3.x through 7.x-2.x

Description A cross-site scripting (XSS) issue exists in the Panels module, specifically in the display renderers/panels renderer editor.class.php file within the admin view. This allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title.

Recommendations For Panels module versions 6.x-2.x through 6.x-3.9, update to version 6.x-3.10 or later. For Panels module versions 7.x-3.x through 7.x-2.x, update to version 7.x-3.0 or later.