{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "47649", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47649"}, {"name": "51568", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51568"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1409436"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/panels.git/commit/d844942"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1409446"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/panels.git/commit/2066d59"}, {"tags": ["x_refsource_MISC"], "url": "http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1409448"}, {"name": "drupal-panels-unspecified-xss(72549)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72549"}, {"name": "78367", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/78367"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0914", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "47649", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47649"}, {"name": "51568", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51568"}, {"name": "http://drupal.org/node/1409436", "refsource": "CONFIRM", "url": "http://drupal.org/node/1409436"}, {"name": "http://drupalcode.org/project/panels.git/commit/d844942", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/panels.git/commit/d844942"}, {"name": "http://drupal.org/node/1409446", "refsource": "CONFIRM", "url": "http://drupal.org/node/1409446"}, {"name": "http://drupalcode.org/project/panels.git/commit/2066d59", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/panels.git/commit/2066d59"}, {"name": "http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability", "refsource": "MISC", "url": "http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability"}, {"name": "http://drupal.org/node/1409448", "refsource": "CONFIRM", "url": "http://drupal.org/node/1409448"}, {"name": "drupal-panels-unspecified-xss(72549)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72549"}, {"name": "78367", "refsource": "OSVDB", "url": "http://osvdb.org/78367"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:38:15.070Z"}, "title": "CVE Program Container", "references": [{"name": "47649", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47649"}, {"name": "51568", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51568"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1409436"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/panels.git/commit/d844942"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1409446"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/panels.git/commit/2066d59"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1409448"}, {"name": "drupal-panels-unspecified-xss(72549)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72549"}, {"name": "78367", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/78367"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-0914", "datePublished": "2012-01-24T18:00:00", "dateReserved": "2012-01-24T00:00:00", "dateUpdated": "2024-08-06T18:38:15.070Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F7FDB15-3B06-43AA-8FDF-DCCA137EAEAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "C11733CB-B68B-4DC4-90E8-75EDB2A9D616", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "3DFF9E8E-3C0C-4E07-8C65-7E928E71563C", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "5F2BB012-22DF-42E2-89F4-5542EAB21107", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "70775F0F-3B57-417E-B116-3CFD43B83B66", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B4A7B0F5-A9CC-4287-8247-D44B71A0C46D", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "FE5F0B91-A3B1-4A8D-B64A-4ECD94CA94C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "6347ECE0-2C66-47D5-9B57-D5BA0D6F4C91", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8A162DC0-D61B-404D-914F-F058D2DED47C", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0DE2442-F0A0-400A-AC91-61B331330D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C90BD49E-2583-4BC3-91E7-9B104251ECD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B49552D8-63A9-40C3-8D24-AB345996CFF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D4030F8-497F-46A3-A6B4-CC0CD7DBBFAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.5:*:*:*:*:*:*:*", "matchCriteriaId": "D0CC32BC-3EE5-4743-B89A-3C13FEDB033A", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.7:*:*:*:*:*:*:*", "matchCriteriaId": "D13FAA1B-E84F-4215-A7B4-44D5A3802879", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.8:*:*:*:*:*:*:*", "matchCriteriaId": "13A37FE9-FA07-4566-9D64-E73385656077", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.9:*:*:*:*:*:*:*", "matchCriteriaId": "DB6B4223-3E5B-4F60-B0EF-E1C9B086F97C", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.x:dev:*:*:*:*:*:*", "matchCriteriaId": "FCDE6A13-FB05-4016-8793-FDA4D8543E5A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "9B440A22-6241-4452-A5FE-0C41CE77FE27", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "BB849863-7CD4-4B7E-8136-CF94FCF714A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "D97AB2AD-24F8-4080-9E0A-5291FC05FBAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.x:dev:*:*:*:*:*:*", "matchCriteriaId": "EA78D313-CFCF-4AD4-A3F1-9CADD135B8EC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title."}, {"lang": "es", "value": "Vulnerbilidad de ejecuci\u00f3n de secuencias de comandos web en sitios cruzados (XSS) en display_renderers/panels_renderer_editor.class.php en la vista de administraci\u00f3n en el m\u00f3dulo Panels v6.x-2.x anterior a v6.x-3.10 y v7.x-3.x anterior v7.x-3.0 para Drupal permite a usuarios autenticados de forma remota con ciertos privilegios inyectar c\u00f3digo web script de su elecci\u00f3n o HTML a trav\u00e9s del 'title' Region."}], "id": "CVE-2012-0914", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-01-24T18:55:01.690", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1409436"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://drupal.org/node/1409446"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://drupal.org/node/1409448"}, {"source": "cve@mitre.org", "url": "http://drupalcode.org/project/panels.git/commit/2066d59"}, {"source": "cve@mitre.org", "url": "http://drupalcode.org/project/panels.git/commit/d844942"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/78367"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47649"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51568"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1409436"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://drupal.org/node/1409446"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://drupal.org/node/1409448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupalcode.org/project/panels.git/commit/2066d59"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupalcode.org/project/panels.git/commit/d844942"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/78367"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47649"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51568"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72549"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}