Chaos Tool Suite Project ctools for Drupal 6.x-1.4

CPE Details

Chaos Tool Suite Project ctools for Drupal 6.x-1.4
chaos_tool_suite_project
ctools
6.x-1.4
2015-06-18
14h05 +00:00
2015-06-18
14h06 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.4:*:*:*:*:drupal:*:*

Informations

Vendor

chaos_tool_suite_project

Product

ctools

Version

6.x-1.4

Target Software

drupal

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2015-7875 2017-08-07 15h00 +00:00 ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.
7.5
High
CVE-2015-6665 2015-08-24 12h00 +00:00 Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.
4.3
CVE-2015-4398 2015-06-16 15h00 +00:00 Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.
5.8
CVE-2012-5559 2012-12-03 20h00 +00:00 Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title.
2.6
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.