Cross site scripting

Cross-site scripting XSS vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token...

CVE-2012-5585

Affected software: Drupal Mixpanel contributed module (6.x-1.x) prior to 6.x-1.1. Vulnerability: Cross-site scripting (XSS) due to insufficient escaping of the Mixpanel token when injecting the tracking Javascript. Prereq/impact: Requires a user with the “access administration pages” permission; ...