12 matches found
EUVD-2012-0937
Malware in sbrugna...
Drupal Panels module < 4.9.0 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Manuel Adán manuel.adan in WordPress Module Panels versions 4.9.0...
Panels - Critical - Access bypass - SA-CONTRIB-2025-033
Panels enables administrators to add page variants within page manager, panelizer, etc to create custom pages. The module doesn't sufficiently protect sensitive routes, allowing an attacker to view and modify blocks within variants without requiring appropriate permission. This vulnerability is...
[SECURITY] Fedora 23 Update: drupal7-panels-3.7-1.fc23
The Panels module allows a site administrator to create customized layouts for multiple uses. At its core it is a drag and drop content manager that lets you visually design a layout and place content within that layout. Integration with other systems allows you to create nodes that use this,...
[SECURITY] Fedora 25 Update: drupal7-panels-3.7-1.fc25
The Panels module allows a site administrator to create customized layouts for multiple uses. At its core it is a drag and drop content manager that lets you visually design a layout and place content within that layout. Integration with other systems allows you to create nodes that use this,...
Drupal Panels Module Security Bypass Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Panels is one of the modules used by site administrators to create customized layouts for multiple users. A security bypass vulnerability exists in the Drupal Panels module. An attacker...
CVE-2012-0914
Cross-site scripting XSS vulnerability in displayrenderers/panelsrenderereditor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the...
CVE-2012-0914
The CVE-2012-0914 issue affects the Drupal Panels module: Panels 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 allow XSS via Region titles due to insufficient input sanitization. An attacker must have a role with the permission to administer panel layouts and be a remote authenticated user w...
CVE-2012-0914
Cross-site scripting XSS vulnerability in displayrenderers/panelsrenderereditor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the...
Drupal Panels 5.x-1.2 XSS Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. The Drupal Panels module http://drupal.org/project/panels "allows a site administrator to create...
Drupal Panels Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. The Drupal Panels module http://drupal.org/project/panels "allows a site administrator to create...
Drupal Panels Module 6.x PHP Code Execution Vulnerability
A vulnerability has been reported in Panels module for Drupal, which can be exploited by malicious users to compromise a vulnerable system. Certain unspecified input is not properly sanitised before being used in the import functionality. This can be exploited to execute arbitrary PHP code...