Skip to main content

Ctools

7 CVEs product

Monthly

CVE-2015-7875 HIGH This Week

ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ctools
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-6665 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Fedora Drupal Ctools
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-4398 MEDIUM PATCH This Month

Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Ctools
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2015-4375 MEDIUM PATCH This Month

The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ctools
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1925 LOW PATCH Monitor

The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Ctools
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2012-5559 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Ctools
NVD
CVSS 2.0
2.6
EPSS
0.2%
CVE-2012-2082 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Ctools
NVD
CVSS 2.0
2.1
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH This Week

ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ctools
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Fedora Drupal +1
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Ctools
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ctools
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Ctools
NVD
EPSS 0% CVSS 2.6
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Ctools
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Ctools
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy