All the vulnerabilities related to chaos_tool_suite_project - ctools
cve-2012-5559
Vulnerability from cvelistv5
Published
2012-12-03 21:00
Modified
2024-08-06 21:14
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title.
References
http://drupal.org/node/1840992 [x_refsource_MISC]
http://drupal.org/node/1841030 [x_refsource_CONFIRM]
http://secunia.com/advisories/51259 [third-party-advisory, x_refsource_SECUNIA]
http://www.openwall.com/lists/oss-security/2012/11/20/4 [mailing-list, x_refsource_MLIST]
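Impacted products
Vendor Product Version
No vendor, product or version is listed: the record's `affected` entry is "n/a", so the affected releases are stated only in the Summary.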


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1840992"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1841030"
          },
          {
            "name": "51259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51259"
          },
          {
            "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-03T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1840992"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1841030"
        },
        {
          "name": "51259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51259"
        },
        {
          "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-5559",
    "datePublished": "2012-12-03T21:00:00",
    "dateReserved": "2012-10-24T00:00:00",
    "dateUpdated": "2024-08-06T21:14:16.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-6665
Vulnerability from cvelistv5
Published
2015-08-24 14:00
Modified
2024-08-06 07:29
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.
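Impacted products
Vendor Product Version
No vendor, product or version is listed: the record's `affected` entry is "n/a", so the affected releases are stated only in the Summary.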


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.441Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2015-14442",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html"
          },
          {
            "name": "FEDORA-2015-14329",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html"
          },
          {
            "name": "FEDORA-2015-13915",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html"
          },
          {
            "name": "1033358",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033358"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2554145"
          },
          {
            "name": "FEDORA-2015-14443",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html"
          },
          {
            "name": "FEDORA-2015-13917",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html"
          },
          {
            "name": "76431",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76431"
          },
          {
            "name": "DSA-3346",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3346"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/SA-CORE-2015-003"
          },
          {
            "name": "FEDORA-2015-14444",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2554133"
          },
          {
            "name": "FEDORA-2015-14330",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html"
          },
          {
            "name": "FEDORA-2015-13916",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html"
          },
          {
            "name": "FEDORA-2015-14331",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the \"a\" tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2015-14442",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html"
        },
        {
          "name": "FEDORA-2015-14329",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html"
        },
        {
          "name": "FEDORA-2015-13915",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html"
        },
        {
          "name": "1033358",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033358"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.drupal.org/node/2554145"
        },
        {
          "name": "FEDORA-2015-14443",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html"
        },
        {
          "name": "FEDORA-2015-13917",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html"
        },
        {
          "name": "76431",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76431"
        },
        {
          "name": "DSA-3346",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3346"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/SA-CORE-2015-003"
        },
        {
          "name": "FEDORA-2015-14444",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/node/2554133"
        },
        {
          "name": "FEDORA-2015-14330",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html"
        },
        {
          "name": "FEDORA-2015-13916",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html"
        },
        {
          "name": "FEDORA-2015-14331",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the \"a\" tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2015-14442",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html"
            },
            {
              "name": "FEDORA-2015-14329",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html"
            },
            {
              "name": "FEDORA-2015-13915",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html"
            },
            {
              "name": "1033358",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033358"
            },
            {
              "name": "https://www.drupal.org/node/2554145",
              "refsource": "MISC",
              "url": "https://www.drupal.org/node/2554145"
            },
            {
              "name": "FEDORA-2015-14443",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html"
            },
            {
              "name": "FEDORA-2015-13917",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html"
            },
            {
              "name": "76431",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76431"
            },
            {
              "name": "DSA-3346",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3346"
            },
            {
              "name": "https://www.drupal.org/SA-CORE-2015-003",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/SA-CORE-2015-003"
            },
            {
              "name": "FEDORA-2015-14444",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html"
            },
            {
              "name": "https://www.drupal.org/node/2554133",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/node/2554133"
            },
            {
              "name": "FEDORA-2015-14330",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html"
            },
            {
              "name": "FEDORA-2015-13916",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html"
            },
            {
              "name": "FEDORA-2015-14331",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6665",
    "datePublished": "2015-08-24T14:00:00",
    "dateReserved": "2015-08-24T00:00:00",
    "dateUpdated": "2024-08-06T07:29:24.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-4398
Vulnerability from cvelistv5
Published
2015-06-16 17:00
Modified
2024-08-06 06:11
Severity ?
Summary
Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.
References
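Impacted products
Vendor Product Version
No vendor, product or version is listed: the record's `affected` entry is "n/a", so the affected releases are stated only in the Summary.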


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:12.916Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2454885"
          },
          {
            "name": "73224",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73224"
          },
          {
            "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
          },
          {
            "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2454909"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2454883"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-06-17T17:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/node/2454885"
        },
        {
          "name": "73224",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73224"
        },
        {
          "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
        },
        {
          "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.drupal.org/node/2454909"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/node/2454883"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4398",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.drupal.org/node/2454885",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/node/2454885"
            },
            {
              "name": "73224",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73224"
            },
            {
              "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
            },
            {
              "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
            },
            {
              "name": "https://www.drupal.org/node/2454909",
              "refsource": "MISC",
              "url": "https://www.drupal.org/node/2454909"
            },
            {
              "name": "https://www.drupal.org/node/2454883",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/node/2454883"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4398",
    "datePublished": "2015-06-16T17:00:00",
    "dateReserved": "2015-06-05T00:00:00",
    "dateUpdated": "2024-08-06T06:11:12.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-4375
Vulnerability from cvelistv5
Published
2015-06-15 14:00
Modified
2024-08-06 06:11
Severity ?
Summary
The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.
References
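Impacted products
Vendor Product Version
No vendor, product or version is listed: the record's `affected` entry is "n/a", so the affected releases are stated only in the Summary.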


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:12.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
          },
          {
            "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2454909"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2454883"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-06-15T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
        },
        {
          "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.drupal.org/node/2454909"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/node/2454883"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4375",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
            },
            {
              "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
            },
            {
              "name": "https://www.drupal.org/node/2454909",
              "refsource": "MISC",
              "url": "https://www.drupal.org/node/2454909"
            },
            {
              "name": "https://www.drupal.org/node/2454883",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/node/2454883"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4375",
    "datePublished": "2015-06-15T14:00:00",
    "dateReserved": "2015-06-05T00:00:00",
    "dateUpdated": "2024-08-06T06:11:12.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-1547
Vulnerability from cvelistv5
Published
2010-05-21 20:00
Modified
2024-08-07 01:28
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/58722 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/39884 (third-party-advisory, x_refsource_SECUNIA)
http://seclists.org/fulldisclosure/2010/May/272 (mailing-list, x_refsource_FULLDISC)
http://drupal.org/node/803944 (x_refsource_CONFIRM)
http://www.securityfocus.com/bid/40285 (vdb-entry, x_refsource_BID)
http://www.madirish.net/?article=458 (x_refsource_MISC)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:42.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "chaos-tool-unspecified-csrf(58722)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58722"
          },
          {
            "name": "39884",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39884"
          },
          {
            "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2010/May/272"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/803944"
          },
          {
            "name": "40285",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40285"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.madirish.net/?article=458"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "chaos-tool-unspecified-csrf(58722)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58722"
        },
        {
          "name": "39884",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39884"
        },
        {
          "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2010/May/272"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/803944"
        },
        {
          "name": "40285",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40285"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.madirish.net/?article=458"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "chaos-tool-unspecified-csrf(58722)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58722"
            },
            {
              "name": "39884",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39884"
            },
            {
              "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2010/May/272"
            },
            {
              "name": "http://drupal.org/node/803944",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/803944"
            },
            {
              "name": "40285",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40285"
            },
            {
              "name": "http://www.madirish.net/?article=458",
              "refsource": "MISC",
              "url": "http://www.madirish.net/?article=458"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1547",
    "datePublished": "2010-05-21T20:00:00",
    "dateReserved": "2010-04-26T00:00:00",
    "dateUpdated": "2024-08-07T01:28:42.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-7875
Vulnerability from cvelistv5
Published
2017-08-07 17:00
Modified
2024-08-06 08:06
Severity ?
Summary
ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.
References
https://www.drupal.org/node/2554145 (x_refsource_CONFIRM)
http://www.openwall.com/lists/oss-security/2015/10/21/2 (mailing-list, x_refsource_MLIST)
http://www.securityfocus.com/bid/76441 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:30.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2554145"
          },
          {
            "name": "[oss-security] 20151021 Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/10/21/2"
          },
          {
            "name": "76441",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76441"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the \"edit\" permission for the \"content type\" plugins that are used on Panels and similar systems to place content and functionality on a page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/node/2554145"
        },
        {
          "name": "[oss-security] 20151021 Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/10/21/2"
        },
        {
          "name": "76441",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76441"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7875",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the \"edit\" permission for the \"content type\" plugins that are used on Panels and similar systems to place content and functionality on a page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.drupal.org/node/2554145",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/node/2554145"
            },
            {
              "name": "[oss-security] 20151021 Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/10/21/2"
            },
            {
              "name": "76441",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76441"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7875",
    "datePublished": "2017-08-07T17:00:00",
    "dateReserved": "2015-10-21T00:00:00",
    "dateUpdated": "2024-08-06T08:06:30.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-1548
Vulnerability from cvelistv5
Published
2010-05-21 20:00
Modified
2024-08-07 01:28
Severity ?
Summary
The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node's title.
References
http://secunia.com/advisories/39884 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58724 (vdb-entry, x_refsource_XF)
http://seclists.org/fulldisclosure/2010/May/272 (mailing-list, x_refsource_FULLDISC)
http://drupal.org/node/803944 (x_refsource_CONFIRM)
http://www.securityfocus.com/bid/40285 (vdb-entry, x_refsource_BID)
http://www.madirish.net/?article=458 (x_refsource_MISC)
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:41.985Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "39884",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39884"
          },
          {
            "name": "chaos-tool-permissions-sec-bypass(58724)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58724"
          },
          {
            "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2010/May/272"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/803944"
          },
          {
            "name": "40285",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40285"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.madirish.net/?article=458"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with \"access content\" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node\u0027s title."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "39884",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39884"
        },
        {
          "name": "chaos-tool-permissions-sec-bypass(58724)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58724"
        },
        {
          "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2010/May/272"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/803944"
        },
        {
          "name": "40285",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40285"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.madirish.net/?article=458"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with \"access content\" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node\u0027s title."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "39884",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39884"
            },
            {
              "name": "chaos-tool-permissions-sec-bypass(58724)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58724"
            },
            {
              "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2010/May/272"
            },
            {
              "name": "http://drupal.org/node/803944",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/803944"
            },
            {
              "name": "40285",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40285"
            },
            {
              "name": "http://www.madirish.net/?article=458",
              "refsource": "MISC",
              "url": "http://www.madirish.net/?article=458"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1548",
    "datePublished": "2010-05-21T20:00:00",
    "dateReserved": "2010-04-26T00:00:00",
    "dateUpdated": "2024-08-07T01:28:41.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-1546
Vulnerability from cvelistv5
Published
2010-05-21 20:00
Modified
2024-08-07 01:28
Severity ?
Summary
Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:41.504Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10"
          },
          {
            "name": "39884",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39884"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log"
          },
          {
            "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2010/May/272"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/803944"
          },
          {
            "name": "chaos-tool-import-code-execution(58723)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7"
          },
          {
            "name": "40285",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40285"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.madirish.net/?article=458"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with \"administer page manager\" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10"
        },
        {
          "name": "39884",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39884"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log"
        },
        {
          "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2010/May/272"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/803944"
        },
        {
          "name": "chaos-tool-import-code-execution(58723)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7"
        },
        {
          "name": "40285",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40285"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.madirish.net/?article=458"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with \"administer page manager\" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log"
            },
            {
              "name": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10"
            },
            {
              "name": "39884",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39884"
            },
            {
              "name": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log"
            },
            {
              "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2010/May/272"
            },
            {
              "name": "http://drupal.org/node/803944",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/803944"
            },
            {
              "name": "chaos-tool-import-code-execution(58723)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58723"
            },
            {
              "name": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7"
            },
            {
              "name": "40285",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40285"
            },
            {
              "name": "http://www.madirish.net/?article=458",
              "refsource": "MISC",
              "url": "http://www.madirish.net/?article=458"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1546",
    "datePublished": "2010-05-21T20:00:00",
    "dateReserved": "2010-04-26T00:00:00",
    "dateUpdated": "2024-08-07T01:28:41.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1925
Vulnerability from cvelistv5
Published
2013-07-16 18:00
Modified
2024-08-06 15:20
Severity ?
Summary
The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.211Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/1960406"
          },
          {
            "name": "91986",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/91986"
          },
          {
            "name": "drupal-chaostool-node-security-bypass(83254)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/1960424"
          },
          {
            "name": "20130403 [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2013/Apr/8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the \"access content\" permission to read restricted node titles via an autocomplete list."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drupal.org/node/1960406"
        },
        {
          "name": "91986",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/91986"
        },
        {
          "name": "drupal-chaostool-node-security-bypass(83254)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/1960424"
        },
        {
          "name": "20130403 [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2013/Apr/8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1925",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the \"access content\" permission to read restricted node titles via an autocomplete list."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html"
            },
            {
              "name": "https://drupal.org/node/1960406",
              "refsource": "MISC",
              "url": "https://drupal.org/node/1960406"
            },
            {
              "name": "91986",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/91986"
            },
            {
              "name": "drupal-chaostool-node-security-bypass(83254)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254"
            },
            {
              "name": "https://drupal.org/node/1960424",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/1960424"
            },
            {
              "name": "20130403 [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2013/Apr/8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1925",
    "datePublished": "2013-07-16T18:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:20:37.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2010
Vulnerability from cvelistv5
Published
2010-05-21 20:00
Modified
2024-08-07 02:17
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/58721 vdb-entry, x_refsource_XF
http://secunia.com/advisories/39884 third-party-advisory, x_refsource_SECUNIA
http://drupal.org/node/803944 x_refsource_CONFIRM
http://www.securityfocus.com/bid/40285 vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:13.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "chaos-tool-titles-xss(58721)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
          },
          {
            "name": "39884",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39884"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/803944"
          },
          {
            "name": "40285",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40285"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "chaos-tool-titles-xss(58721)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
        },
        {
          "name": "39884",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39884"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/803944"
        },
        {
          "name": "40285",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40285"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2010",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "chaos-tool-titles-xss(58721)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
            },
            {
              "name": "39884",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39884"
            },
            {
              "name": "http://drupal.org/node/803944",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/803944"
            },
            {
              "name": "40285",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40285"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2010",
    "datePublished": "2010-05-21T20:00:00",
    "dateReserved": "2010-05-21T00:00:00",
    "dateUpdated": "2024-08-07T02:17:13.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2082
Vulnerability from cvelistv5
Published
2012-08-14 23:00
Modified
2024-08-06 19:17
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature.
References
http://secunia.com/advisories/48616 third-party-advisory, x_refsource_SECUNIA
http://drupalcode.org/project/ctools.git/commit/755b3c4 x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/52794 vdb-entry, x_refsource_BID
http://osvdb.org/80679 vdb-entry, x_refsource_OSVDB
http://drupal.org/node/1507466 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/74481 vdb-entry, x_refsource_XF
http://drupal.org/node/1507412 x_refsource_CONFIRM
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:17:27.873Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48616",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48616"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/ctools.git/commit/755b3c4"
          },
          {
            "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
          },
          {
            "name": "52794",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52794"
          },
          {
            "name": "80679",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80679"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1507466"
          },
          {
            "name": "drupal-chaos-unspecified-xss(74481)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74481"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1507412"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "48616",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48616"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/ctools.git/commit/755b3c4"
        },
        {
          "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
        },
        {
          "name": "52794",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52794"
        },
        {
          "name": "80679",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80679"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1507466"
        },
        {
          "name": "drupal-chaos-unspecified-xss(74481)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74481"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1507412"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2082",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48616",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48616"
            },
            {
              "name": "http://drupalcode.org/project/ctools.git/commit/755b3c4",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/ctools.git/commit/755b3c4"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "52794",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52794"
            },
            {
              "name": "80679",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80679"
            },
            {
              "name": "http://drupal.org/node/1507466",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1507466"
            },
            {
              "name": "drupal-chaos-unspecified-xss(74481)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74481"
            },
            {
              "name": "http://drupal.org/node/1507412",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1507412"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2082",
    "datePublished": "2012-08-14T23:00:00",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:17:27.873Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2015-08-24 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.
References
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html
cve@mitre.org http://www.debian.org/security/2015/dsa-3346
cve@mitre.org http://www.securityfocus.com/bid/76431
cve@mitre.org http://www.securitytracker.com/id/1033358
cve@mitre.org https://www.drupal.org/SA-CORE-2015-003 Patch, Vendor Advisory
cve@mitre.org https://www.drupal.org/node/2554133 Patch
cve@mitre.org https://www.drupal.org/node/2554145 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2015/dsa-3346
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/76431
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1033358
af854a3a-2127-422b-91ae-364da2661108 https://www.drupal.org/SA-CORE-2015-003 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.drupal.org/node/2554133 Patch
af854a3a-2127-422b-91ae-364da2661108 https://www.drupal.org/node/2554145 Patch, Vendor Advisory
Impacted products
Vendor Product Version
fedoraproject fedora 21
fedoraproject fedora 22
fedoraproject fedora 23
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.1
drupal drupal 7.2
drupal drupal 7.3
drupal drupal 7.4
drupal drupal 7.5
drupal drupal 7.6
drupal drupal 7.7
drupal drupal 7.8
drupal drupal 7.9
drupal drupal 7.10
drupal drupal 7.11
drupal drupal 7.12
drupal drupal 7.13
drupal drupal 7.14
drupal drupal 7.15
drupal drupal 7.16
drupal drupal 7.17
drupal drupal 7.18
drupal drupal 7.19
drupal drupal 7.20
drupal drupal 7.21
drupal drupal 7.22
drupal drupal 7.23
drupal drupal 7.24
drupal drupal 7.25
drupal drupal 7.26
drupal drupal 7.27
drupal drupal 7.28
drupal drupal 7.29
drupal drupal 7.30
drupal drupal 7.33
drupal drupal 7.34
drupal drupal 7.35
drupal drupal 7.36
drupal drupal 7.37
drupal drupal 7.38
drupal drupal 7.x-dev
chaos_tool_suite_project ctools 6.x-1.0
chaos_tool_suite_project ctools 6.x-1.0
chaos_tool_suite_project ctools 6.x-1.0
chaos_tool_suite_project ctools 6.x-1.0
chaos_tool_suite_project ctools 6.x-1.0
chaos_tool_suite_project ctools 6.x-1.0
chaos_tool_suite_project ctools 6.x-1.0
chaos_tool_suite_project ctools 6.x-1.0
chaos_tool_suite_project ctools 6.x-1.0
chaos_tool_suite_project ctools 6.x-1.1
chaos_tool_suite_project ctools 6.x-1.2
chaos_tool_suite_project ctools 6.x-1.3
chaos_tool_suite_project ctools 6.x-1.4
chaos_tool_suite_project ctools 6.x-1.5
chaos_tool_suite_project ctools 6.x-1.6
chaos_tool_suite_project ctools 6.x-1.7
chaos_tool_suite_project ctools 6.x-1.8
chaos_tool_suite_project ctools 6.x-1.9
chaos_tool_suite_project ctools 6.x-1.11
chaos_tool_suite_project ctools 6.x-1.12
chaos_tool_suite_project ctools 6.x-1.13
chaos_tool_suite_project ctools 6.x-1.x



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C33CAB-4633-418C-B162-20A2EC24E8DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "CC3B1750-17AD-4386-B6EE-1AFC9CDFB6C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "9E0C1873-22A6-4CE9-853D-2A40BD3D9E62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "9F6DF608-0DA2-455F-AD28-7BE4A7548E48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "7BCC306D-EB5D-4784-B0B1-B4F9370796F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "5639A5F3-CD18-451C-BA5A-3336C42BED83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "5B0A10CA-F59E-48AC-97E9-8476F63BAEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*",
              "matchCriteriaId": "07B7917C-5934-4AFF-B3DB-BE9B099B27FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "16731B53-3CD1-4B98-947B-7621162D8DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "BD738402-A50E-4AEB-8F42-607F52DE5540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "199AC10C-6E65-409B-8658-E26240B27E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "2B378BEF-B070-4955-A6B3-8F2ACBA96832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "19EC9A36-5EDC-4519-802E-BEA69B18800A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8C281EA7-8AE1-4D5A-B03B-B3BE37740195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "024CF5B1-1875-4785-ACAF-35ECCC7914A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "5F446903-51AC-4FA3-BA90-C2EA59BBDB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE86CC5-956E-4F16-BE7B-2B1CAAEB5C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0AC1B21-D3BE-4B6A-AE40-8B395E81DD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5E8A73-1C02-4900-BC30-83084DC8371C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A92A41E3-BF0F-49BD-9F0F-5FDC11BF2499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "937C3149-3F34-40D8-964D-FB65EBDF0BC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90CD183A-3777-44F9-8CA6-8E802058D099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C0CC63-558B-4750-8293-926BE9EAD42C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA66BCA5-3934-449E-BAD3-D0DFBF4A04BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5030281C-CD4F-4106-A100-332A4C3C2AEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D408134A-29E8-4D6A-9352-DB7F9CF55FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B08C41E-2357-44D5-A3A7-75389B343B8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F40588-308A-4BA7-AE62-5DCC7D7528EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41BD65A-F39B-42C5-8776-CE09345A531D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBAFBC02-38E9-41F3-8944-6F6AB0A85941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9069C99D-C935-4272-B7F4-172CFD246835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "41BE2EAA-CC60-4EFA-9E75-61EDA0EB69B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CABDC4-0E47-4E33-9075-79E0D59D9A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "74A5893C-A855-4C49-A17A-83B6172C0496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "4048A2C7-9646-42E3-9D4B-DE9CF4AC66C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C915139-9B3A-4583-99A9-3447ACEF9E95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BE6A75-15F2-416C-9EBB-6FDD995C7399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0D82630-555A-43CE-986D-2D15DD8A68F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9F1B32-B3C0-47AB-96C1-0AEF7A96744A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "A23E72D9-9301-4CF8-A083-0AEC91F2845E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "983636D8-084A-40AA-8EEA-39D4D39EA056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FEAA6C1-D2F5-4C7A-AEEA-FEDD52F039B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCAC8831-637A-49B7-9DFD-93965D0944A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "247FF6EA-E8E8-4AC9-BC03-6D8929DC60EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "73AAA716-1DB3-4D38-A52B-F579EE5627AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "18257E82-134E-4B4B-9AA4-997582A6FE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "42224177-DEFC-4A23-9707-0C2A96902FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C0017C6-C985-4F0C-89C4-198063DAB3FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA2A100A-4579-4E32-9ED1-54E6063032CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B41BB85-CED1-4CED-A56E-A58A22AAE4CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "19437699-98F7-40EC-B0F9-502CA8126749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "3697FD64-0D39-45E0-B91E-6190B13CE8AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F860666-578F-4B48-ABCA-1B5F2697DEAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "707AD226-1D2E-46B5-9626-FDD99A5F7EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha1:*:*:*:drupal:*:*",
              "matchCriteriaId": "C5B9EF92-78B1-44DE-83C5-068199E0EE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha2:*:*:*:drupal:*:*",
              "matchCriteriaId": "2C05A815-09CB-4201-8345-89AE530D9925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha3:*:*:*:drupal:*:*",
              "matchCriteriaId": "492C9CF3-A6D8-4BC2-B9CE-6575BEF6C490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta1:*:*:*:drupal:*:*",
              "matchCriteriaId": "3C89BFC4-CBFE-40D0-AF4B-D18750F8F83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta2:*:*:*:drupal:*:*",
              "matchCriteriaId": "7158E609-D504-4938-9651-2A782D319838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta3:*:*:*:drupal:*:*",
              "matchCriteriaId": "6CF31BF7-3BD2-4EA1-BEA1-C73E5AAD6779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta4:*:*:*:drupal:*:*",
              "matchCriteriaId": "C9EFC7E5-F1D7-4EB3-B185-A7CFDA961261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "CA34F407-47D1-4F39-B26A-84FCD05EE6ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "0B3D4721-7320-423F-8E76-07E4D2E7F6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "58C0D287-58A4-4C8D-9042-29042FA412F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.3:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "DE51E707-6ABD-431C-B3B7-89D514BFFC84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.4:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "DDC0B3F6-DF07-4E0A-8F37-3261AD144E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.5:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "599655AB-52D9-47E8-B388-CFB4F75DB8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.6:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "A7450146-5D5D-4681-99F1-2952AB0855B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.7:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "43E0AAD2-2937-4389-BF5E-A63A33723F1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.8:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "82843F45-7863-4D43-AAC6-E807356D16A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.9:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "754DAD0C-555C-41E8-8384-CD5A21442992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.11:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "77BC1FBB-7D2A-4651-B9AA-E34DBBAA8B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.12:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "081EC9A4-A303-41B7-85AD-2B63D19F6D3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.13:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "EC29EF2B-3E16-4808-89FA-DE57DBCEAEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.x:dev:*:*:*:drupal:*:*",
              "matchCriteriaId": "4437675C-D86D-4903-9641-3AA3D28BD9F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the \"a\" tag."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en el manejador Ajax en Drupal 7.x en versiones anteriores a la 7.39 y el m\u00f3dulo Ctools 6.x-1.x en versiones anteriores a 6.x-1.14 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores implicando un elemento HTML en la lista blanca, posiblemente relacionado con la etiqueta \u0027a\u0027."
    }
  ],
  "id": "CVE-2015-6665",
  "lastModified": "2024-11-21T02:35:23.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-08-24T14:59:22.680",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3346"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/76431"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1033358"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/SA-CORE-2015-003"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2554133"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2554145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/SA-CORE-2015-003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2554133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2554145"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-06-15 14:59
Modified
2024-11-21 02:30
Severity ?
Summary
The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "5FA4E46D-F7D9-448D-B971-D8EE786EB3AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "EFA33F20-D932-42F3-84B0-9E55645D64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "F56B3706-6AF5-42C9-A565-882AE03ADA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.3:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "7683107F-23E1-4220-91FA-CFCDD2129AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.4:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "698747A0-461D-409B-B9DE-9059CCF81AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.5:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "05D4A651-2FFE-42D1-8412-4C3C4098995F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "FF5CE8CA-69E1-465A-9F16-C96FB1E0F564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "B6B28B89-76C3-4407-84EF-48CBF6FBD783",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo Chaos tool suite (ctools) 7.x-1.x anterior a 7.x-1.7 para Drupal permite a atacantes remotos obtener t\u00edtulos de nodos a trav\u00e9s (1) de una b\u00fasqueda de autocompletado en entidades personalizadas sin indicador de consulta de acceso o (2) del aprovechamiento de conocimiento de un identificador de una entidad."
    }
  ],
  "id": "CVE-2015-4375",
  "lastModified": "2024-11-21T02:30:56.553",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-15T14:59:32.763",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2454883"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2454909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2454883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2454909"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-05-21 20:30
Modified
2024-11-21 01:15
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "707AD226-1D2E-46B5-9626-FDD99A5F7EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha1:*:*:*:drupal:*:*",
              "matchCriteriaId": "C5B9EF92-78B1-44DE-83C5-068199E0EE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha2:*:*:*:drupal:*:*",
              "matchCriteriaId": "2C05A815-09CB-4201-8345-89AE530D9925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha3:*:*:*:drupal:*:*",
              "matchCriteriaId": "492C9CF3-A6D8-4BC2-B9CE-6575BEF6C490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta1:*:*:*:drupal:*:*",
              "matchCriteriaId": "3C89BFC4-CBFE-40D0-AF4B-D18750F8F83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta2:*:*:*:drupal:*:*",
              "matchCriteriaId": "7158E609-D504-4938-9651-2A782D319838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta3:*:*:*:drupal:*:*",
              "matchCriteriaId": "6CF31BF7-3BD2-4EA1-BEA1-C73E5AAD6779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta4:*:*:*:drupal:*:*",
              "matchCriteriaId": "C9EFC7E5-F1D7-4EB3-B185-A7CFDA961261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "CA34F407-47D1-4F39-B26A-84FCD05EE6ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "0B3D4721-7320-423F-8E76-07E4D2E7F6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "58C0D287-58A4-4C8D-9042-29042FA412F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.3:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "DE51E707-6ABD-431C-B3B7-89D514BFFC84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.x:dev:*:*:*:drupal:*:*",
              "matchCriteriaId": "4437675C-D86D-4903-9641-3AA3D28BD9F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Chaos Tool Suite (CTools) v6.x en versiones anteriores a la v6.x-1.4 de Drupal. Permiten a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del t\u00edtulo de nodo."
    }
  ],
  "id": "CVE-2010-2010",
  "lastModified": "2024-11-21T01:15:42.117",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-05-21T20:30:01.707",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/803944"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39884"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40285"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/803944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-16 18:55
Modified
2024-11-21 01:50
Severity: LOW (NVD, CVSS v2.0 base score 3.5, AV:N/AC:M/Au:S/C:P/I:N/A:N)
Summary
The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "5FA4E46D-F7D9-448D-B971-D8EE786EB3AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:alpha1:*:*:*:drupal:*:*",
              "matchCriteriaId": "03BCA1E8-4733-4653-BA48-EEB373DFE218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:alpha2:*:*:*:drupal:*:*",
              "matchCriteriaId": "5A481BBC-B7DE-4AB7-A582-85E02ADFCAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:alpha3:*:*:*:drupal:*:*",
              "matchCriteriaId": "00DBF5CE-D194-4446-80C8-C332AD02E50E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:alpha4:*:*:*:drupal:*:*",
              "matchCriteriaId": "16B9EAD7-E9A4-451D-9A23-E9372C239322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:beta1:*:*:*:drupal:*:*",
              "matchCriteriaId": "FAD3327C-8619-4A96-B9C9-FFB4F374492C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "62E855A8-381E-471B-AD3F-811DA35DAAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:rc2:*:*:*:drupal:*:*",
              "matchCriteriaId": "F5055F95-FEC4-4C14-8DD6-AD535FBCD401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "EFA33F20-D932-42F3-84B0-9E55645D64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "F56B3706-6AF5-42C9-A565-882AE03ADA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.x:dev:*:*:*:drupal:*:*",
              "matchCriteriaId": "6792E424-EA0A-4341-91E6-9C14446B6FCF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the \"access content\" permission to read restricted node titles via an autocomplete list."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo Chaos Tool Suite (ctools) 7.x-1.x anterior a 7.x-1.3 para Drupal no restringe adecuadamente el acceso a los nodos, lo que permite a usuarios autenticados remotamente con permisos de \"acceso al contenido\" la lectura de nodos restringidos a trav\u00e9s de una lista que se autocompleta."
    }
  ],
  "id": "CVE-2013-1925",
  "lastModified": "2024-11-21T01:50:41.310",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-16T18:55:01.293",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/91986"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2013/Apr/8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/1960406"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/1960424"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/91986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2013/Apr/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/1960406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/1960424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-05-21 20:30
Modified
2024-11-21 01:14
Severity: LOW (NVD, CVSS v2.0 base score 3.5, AV:N/AC:M/Au:S/C:P/I:N/A:N)
Summary
The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node's title.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "707AD226-1D2E-46B5-9626-FDD99A5F7EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha1:*:*:*:drupal:*:*",
              "matchCriteriaId": "C5B9EF92-78B1-44DE-83C5-068199E0EE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha2:*:*:*:drupal:*:*",
              "matchCriteriaId": "2C05A815-09CB-4201-8345-89AE530D9925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha3:*:*:*:drupal:*:*",
              "matchCriteriaId": "492C9CF3-A6D8-4BC2-B9CE-6575BEF6C490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta1:*:*:*:drupal:*:*",
              "matchCriteriaId": "3C89BFC4-CBFE-40D0-AF4B-D18750F8F83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta2:*:*:*:drupal:*:*",
              "matchCriteriaId": "7158E609-D504-4938-9651-2A782D319838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta3:*:*:*:drupal:*:*",
              "matchCriteriaId": "6CF31BF7-3BD2-4EA1-BEA1-C73E5AAD6779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta4:*:*:*:drupal:*:*",
              "matchCriteriaId": "C9EFC7E5-F1D7-4EB3-B185-A7CFDA961261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "CA34F407-47D1-4F39-B26A-84FCD05EE6ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "0B3D4721-7320-423F-8E76-07E4D2E7F6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "58C0D287-58A4-4C8D-9042-29042FA412F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.3:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "DE51E707-6ABD-431C-B3B7-89D514BFFC84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.x:dev:*:*:*:drupal:*:*",
              "matchCriteriaId": "4437675C-D86D-4903-9641-3AA3D28BD9F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with \"access content\" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node\u0027s title."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de autocompletar del m\u00f3dulo Chaos Tool Suite (CTools) v6.x en versiones anteriores a la v6.x-1.4 de Drupal no cumple las restricciones de acceso, lo que permite a usuarios remotos autenticados, con los privilegios de \"acceso a contenidos\", leer el t\u00edtulo de un nodo no publicado a trav\u00e9s de un valor q=ctools/autocomplete/node/ acompa\u00f1ado del primer caracter del nodo del t\u00edtulo."
    }
  ],
  "id": "CVE-2010-1548",
  "lastModified": "2024-11-21T01:14:40.593",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-05-21T20:30:01.660",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/803944"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2010/May/272"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39884"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.madirish.net/?article=458"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40285"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/803944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2010/May/272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.madirish.net/?article=458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58724"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-07 17:29
Modified
2024-11-21 02:37
Summary
ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.
Impacted products
Vendor Product Version Update
chaos_tool_suite_project ctools 6.x-1.0
chaos_tool_suite_project ctools 6.x-1.0 alpha1
chaos_tool_suite_project ctools 6.x-1.0 alpha2
chaos_tool_suite_project ctools 6.x-1.0 alpha3
chaos_tool_suite_project ctools 6.x-1.0 beta1
chaos_tool_suite_project ctools 6.x-1.0 beta2
chaos_tool_suite_project ctools 6.x-1.0 beta3
chaos_tool_suite_project ctools 6.x-1.0 beta4
chaos_tool_suite_project ctools 6.x-1.0 rc1
chaos_tool_suite_project ctools 6.x-1.1
chaos_tool_suite_project ctools 6.x-1.2
chaos_tool_suite_project ctools 6.x-1.3
chaos_tool_suite_project ctools 6.x-1.4
chaos_tool_suite_project ctools 6.x-1.5
chaos_tool_suite_project ctools 6.x-1.6
chaos_tool_suite_project ctools 6.x-1.7
chaos_tool_suite_project ctools 6.x-1.8
chaos_tool_suite_project ctools 6.x-1.9
chaos_tool_suite_project ctools 6.x-1.11
chaos_tool_suite_project ctools 6.x-1.12
chaos_tool_suite_project ctools 6.x-1.13
chaos_tool_suite_project ctools 6.x-1.x dev
chaos_tool_suite_project ctools 7.x-1.0
chaos_tool_suite_project ctools 7.x-1.0 alpha1
chaos_tool_suite_project ctools 7.x-1.0 alpha2
chaos_tool_suite_project ctools 7.x-1.0 alpha3
chaos_tool_suite_project ctools 7.x-1.0 alpha4
chaos_tool_suite_project ctools 7.x-1.0 beta1
chaos_tool_suite_project ctools 7.x-1.0 rc1
chaos_tool_suite_project ctools 7.x-1.0 rc2
chaos_tool_suite_project ctools 7.x-1.1
chaos_tool_suite_project ctools 7.x-1.2
chaos_tool_suite_project ctools 7.x-1.3
chaos_tool_suite_project ctools 7.x-1.4
chaos_tool_suite_project ctools 7.x-1.5
chaos_tool_suite_project ctools 7.x-1.6
chaos_tool_suite_project ctools 7.x-1.6 rc1
chaos_tool_suite_project ctools 7.x-1.7
chaos_tool_suite_project ctools 7.x-1.x dev



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "707AD226-1D2E-46B5-9626-FDD99A5F7EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha1:*:*:*:drupal:*:*",
              "matchCriteriaId": "C5B9EF92-78B1-44DE-83C5-068199E0EE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha2:*:*:*:drupal:*:*",
              "matchCriteriaId": "2C05A815-09CB-4201-8345-89AE530D9925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha3:*:*:*:drupal:*:*",
              "matchCriteriaId": "492C9CF3-A6D8-4BC2-B9CE-6575BEF6C490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta1:*:*:*:drupal:*:*",
              "matchCriteriaId": "3C89BFC4-CBFE-40D0-AF4B-D18750F8F83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta2:*:*:*:drupal:*:*",
              "matchCriteriaId": "7158E609-D504-4938-9651-2A782D319838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta3:*:*:*:drupal:*:*",
              "matchCriteriaId": "6CF31BF7-3BD2-4EA1-BEA1-C73E5AAD6779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta4:*:*:*:drupal:*:*",
              "matchCriteriaId": "C9EFC7E5-F1D7-4EB3-B185-A7CFDA961261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "CA34F407-47D1-4F39-B26A-84FCD05EE6ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "0B3D4721-7320-423F-8E76-07E4D2E7F6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "58C0D287-58A4-4C8D-9042-29042FA412F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.3:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "DE51E707-6ABD-431C-B3B7-89D514BFFC84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.4:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "DDC0B3F6-DF07-4E0A-8F37-3261AD144E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.5:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "599655AB-52D9-47E8-B388-CFB4F75DB8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.6:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "A7450146-5D5D-4681-99F1-2952AB0855B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.7:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "43E0AAD2-2937-4389-BF5E-A63A33723F1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.8:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "82843F45-7863-4D43-AAC6-E807356D16A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.9:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "754DAD0C-555C-41E8-8384-CD5A21442992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.11:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "77BC1FBB-7D2A-4651-B9AA-E34DBBAA8B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.12:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "081EC9A4-A303-41B7-85AD-2B63D19F6D3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.13:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "EC29EF2B-3E16-4808-89FA-DE57DBCEAEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.x:dev:*:*:*:drupal:*:*",
              "matchCriteriaId": "4437675C-D86D-4903-9641-3AA3D28BD9F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "5FA4E46D-F7D9-448D-B971-D8EE786EB3AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:alpha1:*:*:*:drupal:*:*",
              "matchCriteriaId": "03BCA1E8-4733-4653-BA48-EEB373DFE218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:alpha2:*:*:*:drupal:*:*",
              "matchCriteriaId": "5A481BBC-B7DE-4AB7-A582-85E02ADFCAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:alpha3:*:*:*:drupal:*:*",
              "matchCriteriaId": "00DBF5CE-D194-4446-80C8-C332AD02E50E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:alpha4:*:*:*:drupal:*:*",
              "matchCriteriaId": "16B9EAD7-E9A4-451D-9A23-E9372C239322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:beta1:*:*:*:drupal:*:*",
              "matchCriteriaId": "FAD3327C-8619-4A96-B9C9-FFB4F374492C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "62E855A8-381E-471B-AD3F-811DA35DAAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:rc2:*:*:*:drupal:*:*",
              "matchCriteriaId": "F5055F95-FEC4-4C14-8DD6-AD535FBCD401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "EFA33F20-D932-42F3-84B0-9E55645D64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "F56B3706-6AF5-42C9-A565-882AE03ADA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.3:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "7683107F-23E1-4220-91FA-CFCDD2129AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.4:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "698747A0-461D-409B-B9DE-9059CCF81AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.5:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "05D4A651-2FFE-42D1-8412-4C3C4098995F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "FF5CE8CA-69E1-465A-9F16-C96FB1E0F564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "B6B28B89-76C3-4407-84EF-48CBF6FBD783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.7:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "67F3EE9A-42F2-47EB-8E1F-666AFDFC3A6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.x:dev:*:*:*:drupal:*:*",
              "matchCriteriaId": "6792E424-EA0A-4341-91E6-9C14446B6FCF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the \"edit\" permission for the \"content type\" plugins that are used on Panels and similar systems to place content and functionality on a page."
    },
    {
      "lang": "es",
      "value": "ctools 6.x-1.x en versiones anteriores a la 6.x-1.14 y 7.x-1.x en versiones anteriores a la 7.x-1.8 en Drupal no verifica el permiso \"edit\" para los plugins \"content type\" que se utilizan en Panels y sistemas similares para colocar contenido y funcionalidades en una p\u00e1gina."
    }
  ],
  "id": "CVE-2015-7875",
  "lastModified": "2024-11-21T02:37:34.877",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-07T17:29:00.440",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/10/21/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/76441"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2554145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/10/21/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2554145"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-06-16 17:59
Modified
2024-11-21 02:30
Severity ?
Summary
Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:*:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "468543BB-7BF6-422C-A775-B0741E866577",
              "versionEndIncluding": "6.x-1.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "5FA4E46D-F7D9-448D-B971-D8EE786EB3AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "EFA33F20-D932-42F3-84B0-9E55645D64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "F56B3706-6AF5-42C9-A565-882AE03ADA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.3:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "7683107F-23E1-4220-91FA-CFCDD2129AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.4:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "698747A0-461D-409B-B9DE-9059CCF81AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.5:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "05D4A651-2FFE-42D1-8412-4C3C4098995F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "FF5CE8CA-69E1-465A-9F16-C96FB1E0F564",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redirecci\u00f3n abierta en el m\u00f3dulo Chaos tool suite (ctools) anterior a 6.x-1.12 y 7.x-1.x anterior a 7.x-1.7 para Drupal permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de vectores no especificados que involucra las p\u00e1ginas de la eliminaci\u00f3n de de confirmaciones en proceso."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
  "id": "CVE-2015-4398",
  "lastModified": "2024-11-21T02:30:59.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-06-16T17:59:00.973",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73224"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2454883"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2454885"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2454909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2454883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2454885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2454909"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-05-21 20:30
Modified
2024-11-21 01:14
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "707AD226-1D2E-46B5-9626-FDD99A5F7EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha1:*:*:*:drupal:*:*",
              "matchCriteriaId": "C5B9EF92-78B1-44DE-83C5-068199E0EE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha2:*:*:*:drupal:*:*",
              "matchCriteriaId": "2C05A815-09CB-4201-8345-89AE530D9925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha3:*:*:*:drupal:*:*",
              "matchCriteriaId": "492C9CF3-A6D8-4BC2-B9CE-6575BEF6C490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta1:*:*:*:drupal:*:*",
              "matchCriteriaId": "3C89BFC4-CBFE-40D0-AF4B-D18750F8F83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta2:*:*:*:drupal:*:*",
              "matchCriteriaId": "7158E609-D504-4938-9651-2A782D319838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta3:*:*:*:drupal:*:*",
              "matchCriteriaId": "6CF31BF7-3BD2-4EA1-BEA1-C73E5AAD6779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta4:*:*:*:drupal:*:*",
              "matchCriteriaId": "C9EFC7E5-F1D7-4EB3-B185-A7CFDA961261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "CA34F407-47D1-4F39-B26A-84FCD05EE6ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "0B3D4721-7320-423F-8E76-07E4D2E7F6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "58C0D287-58A4-4C8D-9042-29042FA412F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.3:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "DE51E707-6ABD-431C-B3B7-89D514BFFC84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.x:dev:*:*:*:drupal:*:*",
              "matchCriteriaId": "4437675C-D86D-4903-9641-3AA3D28BD9F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el m\u00f3dulo Chaos Tool Suite (CTools) v6.x en versiones anteriores a la v6.x-1.4 de Drupal, permtien a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para peticiones que (1) habilitan una p\u00e1gina a trav\u00e9s de un valor  q=admin/build/pages/nojs/enable/ o (2) deshabilitan una p\u00e1gina a trav\u00e9s de un valor q=admin/build/pages/nojs/disable/."
    }
  ],
  "id": "CVE-2010-1547",
  "lastModified": "2024-11-21T01:14:40.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-05-21T20:30:01.630",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/803944"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2010/May/272"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39884"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.madirish.net/?article=458"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40285"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/803944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2010/May/272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.madirish.net/?article=458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58722"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-12-03 21:55
Modified
2024-11-21 01:44
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "707AD226-1D2E-46B5-9626-FDD99A5F7EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha1:*:*:*:drupal:*:*",
              "matchCriteriaId": "C5B9EF92-78B1-44DE-83C5-068199E0EE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha2:*:*:*:drupal:*:*",
              "matchCriteriaId": "2C05A815-09CB-4201-8345-89AE530D9925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha3:*:*:*:drupal:*:*",
              "matchCriteriaId": "492C9CF3-A6D8-4BC2-B9CE-6575BEF6C490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta1:*:*:*:drupal:*:*",
              "matchCriteriaId": "3C89BFC4-CBFE-40D0-AF4B-D18750F8F83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta2:*:*:*:drupal:*:*",
              "matchCriteriaId": "7158E609-D504-4938-9651-2A782D319838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta3:*:*:*:drupal:*:*",
              "matchCriteriaId": "6CF31BF7-3BD2-4EA1-BEA1-C73E5AAD6779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta4:*:*:*:drupal:*:*",
              "matchCriteriaId": "C9EFC7E5-F1D7-4EB3-B185-A7CFDA961261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "CA34F407-47D1-4F39-B26A-84FCD05EE6ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "0B3D4721-7320-423F-8E76-07E4D2E7F6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "58C0D287-58A4-4C8D-9042-29042FA412F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.3:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "DE51E707-6ABD-431C-B3B7-89D514BFFC84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.4:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "DDC0B3F6-DF07-4E0A-8F37-3261AD144E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.5:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "599655AB-52D9-47E8-B388-CFB4F75DB8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.6:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "A7450146-5D5D-4681-99F1-2952AB0855B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.7:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "43E0AAD2-2937-4389-BF5E-A63A33723F1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.8:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "82843F45-7863-4D43-AAC6-E807356D16A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.9:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "754DAD0C-555C-41E8-8384-CD5A21442992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.x:dev:*:*:*:drupal:*:*",
              "matchCriteriaId": "4437675C-D86D-4903-9641-3AA3D28BD9F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en page manager node view task en el m\u00f3dulo  Chaos tool suite (ctools) v6.x-1.x antes de v6.x-1.10 para Drupal permite a usuarios remotos autenticados con los permisos para enviar o modificar nodos inyectar secuencias de comandos web o HTML a trav\u00e9s del t\u00edtulo de la p\u00e1gina."
    }
  ],
  "id": "CVE-2012-5559",
  "lastModified": "2024-11-21T01:44:53.140",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-12-03T21:55:02.847",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1840992"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1841030"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/51259"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1840992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1841030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-08-14 23:55
Modified
2024-11-21 01:38
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:alpha1:*:*:*:drupal:*:*",
              "matchCriteriaId": "03BCA1E8-4733-4653-BA48-EEB373DFE218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:alpha2:*:*:*:drupal:*:*",
              "matchCriteriaId": "5A481BBC-B7DE-4AB7-A582-85E02ADFCAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:alpha3:*:*:*:drupal:*:*",
              "matchCriteriaId": "00DBF5CE-D194-4446-80C8-C332AD02E50E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:alpha4:*:*:*:drupal:*:*",
              "matchCriteriaId": "16B9EAD7-E9A4-451D-9A23-E9372C239322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:beta1:*:*:*:drupal:*:*",
              "matchCriteriaId": "FAD3327C-8619-4A96-B9C9-FFB4F374492C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "62E855A8-381E-471B-AD3F-811DA35DAAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:rc2:*:*:*:drupal:*:*",
              "matchCriteriaId": "F5055F95-FEC4-4C14-8DD6-AD535FBCD401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.x:dev:*:*:*:drupal:*:*",
              "matchCriteriaId": "6792E424-EA0A-4341-91E6-9C14446B6FCF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el modulo para Drupal la Chaos tool suite (alias ctools) v7.x-1.x antes de v7.x-1.0 permite inyectar secuencias de comandos web o HTML a usuarios remotos autenticados con el permiso de publicar comentarios a trav\u00e9s una firma de usuario.\r\n"
    }
  ],
  "id": "CVE-2012-2082",
  "lastModified": "2024-11-21T01:38:27.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-08-14T23:55:01.830",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1507412"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1507466"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupalcode.org/project/ctools.git/commit/755b3c4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/80679"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48616"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/52794"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1507412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1507466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupalcode.org/project/ctools.git/commit/755b3c4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74481"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-05-21 20:30
Modified
2024-11-21 01:14
Severity ?
Summary
Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc.
References
cve@mitre.org | http://drupal.org/node/803944 | Patch, Vendor Advisory
cve@mitre.org | http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9&r2=1.27.2.10
cve@mitre.org | http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log
cve@mitre.org | http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6&r2=1.18.2.7
cve@mitre.org | http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log
cve@mitre.org | http://seclists.org/fulldisclosure/2010/May/272
cve@mitre.org | http://secunia.com/advisories/39884 | Vendor Advisory
cve@mitre.org | http://www.madirish.net/?article=458
cve@mitre.org | http://www.securityfocus.com/bid/40285 | Patch
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/58723
af854a3a-2127-422b-91ae-364da2661108 | http://drupal.org/node/803944 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9&r2=1.27.2.10
af854a3a-2127-422b-91ae-364da2661108 | http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log
af854a3a-2127-422b-91ae-364da2661108 | http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6&r2=1.18.2.7
af854a3a-2127-422b-91ae-364da2661108 | http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2010/May/272
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39884 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.madirish.net/?article=458
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/40285 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/58723



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "707AD226-1D2E-46B5-9626-FDD99A5F7EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha1:*:*:*:drupal:*:*",
              "matchCriteriaId": "C5B9EF92-78B1-44DE-83C5-068199E0EE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha2:*:*:*:drupal:*:*",
              "matchCriteriaId": "2C05A815-09CB-4201-8345-89AE530D9925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha3:*:*:*:drupal:*:*",
              "matchCriteriaId": "492C9CF3-A6D8-4BC2-B9CE-6575BEF6C490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta1:*:*:*:drupal:*:*",
              "matchCriteriaId": "3C89BFC4-CBFE-40D0-AF4B-D18750F8F83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta2:*:*:*:drupal:*:*",
              "matchCriteriaId": "7158E609-D504-4938-9651-2A782D319838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta3:*:*:*:drupal:*:*",
              "matchCriteriaId": "6CF31BF7-3BD2-4EA1-BEA1-C73E5AAD6779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta4:*:*:*:drupal:*:*",
              "matchCriteriaId": "C9EFC7E5-F1D7-4EB3-B185-A7CFDA961261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "CA34F407-47D1-4F39-B26A-84FCD05EE6ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "0B3D4721-7320-423F-8E76-07E4D2E7F6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "58C0D287-58A4-4C8D-9042-29042FA412F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.3:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "DE51E707-6ABD-431C-B3B7-89D514BFFC84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.x:dev:*:*:*:drupal:*:*",
              "matchCriteriaId": "4437675C-D86D-4903-9641-3AA3D28BD9F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with \"administer page manager\" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en eval (evaluaci\u00f3n directa de c\u00f3digo din\u00e1mico) en la funcionalidad \"import\" del m\u00f3dulo Chaos Tool Suite (CTools) v6.x en versiones anteriores a la v6.x-1.4 de Drupal; permiten a usuarios remotos autenticados, con privilegios de \"administer page manager\" (gestor de p\u00e1gina administrador), ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de la entrada a un \u00e1rea de texto; relacionado con (1) la funci\u00f3n page_manager_page_import_subtask_validate en page_manager/plugins/tasks/page.admin.inc y (2) la funci\u00f3n page_manager_handler_import_validate de page_manager/page_manager.admin.inc."
    }
  ],
  "id": "CVE-2010-1546",
  "lastModified": "2024-11-21T01:14:40.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-05-21T20:30:01.583",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/803944"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2010/May/272"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39884"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.madirish.net/?article=458"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40285"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/803944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2010/May/272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.madirish.net/?article=458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58723"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}