EUVD-2015-2196

Malware in sbrugna...

CVE-2015-2086

Cross-site scripting XSS vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title...

Cross site scripting

Cross-site scripting XSS vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title...

CVE-2015-2086

Cross-site scripting XSS vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title...

CVE-2015-2086

Cross-site scripting XSS vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title...

CVE-2015-2086

CVE-2015-2086 describes an XSS vulnerability in the live preview of the Panopoly Magic module for Drupal 7.x, prior to 7.x-1.17. The issue arises from insufficient filtering of the pane title during re‑rendering of the preview, allowing remote authenticated users to inject arbitrary scripts/HTML....

SA-CONTRIB-2015-047 - Panopoly Magic - Cross Site Scripting (XSS)

This module enables live previews of Panels panes in the modal dialog for adding or editing them. The module doesn't sufficiently filter the pane title when re-rendering the live preview. This vulnerability is mitigated by the fact that an attacker must have permission to add or edit Panels panes...