Vulnerabilities > Chaos Tool Suite Project > Ctools > 7.x.1.x
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-07 | CVE-2015-7875 | Permissions, Privileges, and Access Controls vulnerability in Chaos Tool Suite Project Ctools ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page. | 5.0 |
2013-07-16 | CVE-2013-1925 | Permissions, Privileges, and Access Controls vulnerability in Chaos Tool Suite Project Ctools The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list. | 3.5 |
2012-08-14 | CVE-2012-2082 | Cross-Site Scripting vulnerability in Chaos Tool Suite Project Ctools 7.X1.0/7.X1.X Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature. | 2.1 |