PT-2015-5593 · Drupal · Panopoly Magic
Published
2015-02-26
·
Updated
2015-02-26
·
CVE-2015-2086
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Panopoly Magic module versions prior to 7.x-1.17
Description
The issue is related to a cross-site scripting (XSS) vulnerability in the live preview of the Panopoly Magic module for Drupal. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a pane title.
Recommendations
For versions prior to 7.x-1.17, update to version 7.x-1.17 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Panopoly Magic