This module did not properly sanitize content entered for title. It allowed sufficiently privileged users to add arbitrary HTML which could result in XSS attacks.< /p>
This vulnerability is mitigated by the fact that an attacker must have a role with the permission βadminister blocksβ or ability to edit Panel panes.
Drupal core is not affected. If you do not use the contributed Pane module, there is nothing you need to do.
Install the latest version:
Also see the Pane project page.
cve.mitre.org/
drupal.org/contact
drupal.org/project/pane
drupal.org/security-team
drupal.org/security-team/risk-levels
drupal.org/security/secure-configuration
drupal.org/writing-secure-code
twitter.com/drupalsecurity
www.drupal.org/node/2296651
www.drupal.org/u/heddn
www.drupal.org/user/36762
www.drupal.org/user/680072