CVE-2013-2177 Information

Description

Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label.

Reference

http://osvdb.org/94234 http://seclists.org/fulldisclosure/2013/Jun/94 https://drupal.org/node/2017639 https://drupal.org/node/2017641 https://drupal.org/node/2017933