CVE-2015-2086

Name of the Vulnerable Software and Affected Versions Panopoly Magic module versions prior to 7.x-1.17

Description The issue is related to a cross-site scripting (XSS) vulnerability in the live preview of the Panopoly Magic module for Drupal. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a pane title.

Recommendations For versions prior to 7.x-1.17, update to version 7.x-1.17 or later to resolve the issue.