CVE-2015-7875
https://notcve.org/view.php?id=CVE-2015-7875
07 Aug 2017 — ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page. • http://www.openwall.com/lists/oss-security/2015/10/21/2 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-6665 – Debian Security Advisory 3346-1
https://notcve.org/view.php?id=CVE-2015-6665
24 Aug 2015 — Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-4398
https://notcve.org/view.php?id=CVE-2015-4398
16 Jun 2015 — Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages. • http://www.openwall.com/lists/oss-security/2015/03/22/35
CVE-2012-5559
https://notcve.org/view.php?id=CVE-2012-5559
03 Dec 2012 — Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title. • http://drupal.org/node/1840992 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-1546
https://notcve.org/view.php?id=CVE-2010-1546
21 May 2010 — Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc. • http://drupal.org/node/803944 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-1548
https://notcve.org/view.php?id=CVE-2010-1548
21 May 2010 — The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node's title. • http://drupal.org/node/803944 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2010-1547
https://notcve.org/view.php?id=CVE-2010-1547
21 May 2010 — Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value. • http://drupal.org/node/803944 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2010-2010
https://notcve.org/view.php?id=CVE-2010-2010
21 May 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title. • http://drupal.org/node/803944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')