Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for ctools by chaos_tool_suite_project

    CVE-2015-7875 (GCVE-0-2015-7875)

    Vulnerability from nvd – Published: 2017-08-07 17:00 – Updated: 2024-08-06 08:06
    VLAI
    Summary
    ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.drupal.org/node/2554145 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2015/10/21/2 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/76441 vdb-entryx_refsource_BID
    Date Public
    2015-08-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:06:30.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2554145"
              },
              {
                "name": "[oss-security] 20151021 Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/10/21/2"
              },
              {
                "name": "76441",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76441"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the \"edit\" permission for the \"content type\" plugins that are used on Panels and similar systems to place content and functionality on a page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.drupal.org/node/2554145"
            },
            {
              "name": "[oss-security] 20151021 Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/21/2"
            },
            {
              "name": "76441",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76441"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7875",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the \"edit\" permission for the \"content type\" plugins that are used on Panels and similar systems to place content and functionality on a page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.drupal.org/node/2554145",
                  "refsource": "CONFIRM",
                  "url": "https://www.drupal.org/node/2554145"
                },
                {
                  "name": "[oss-security] 20151021 Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/10/21/2"
                },
                {
                  "name": "76441",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/76441"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7875",
        "datePublished": "2017-08-07T17:00:00.000Z",
        "dateReserved": "2015-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:06:30.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-6665 (GCVE-0-2015-6665)

    Vulnerability from nvd – Published: 2015-08-24 14:00 – Updated: 2024-08-06 07:29
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securitytracker.com/id/1033358 vdb-entryx_refsource_SECTRACK
    https://www.drupal.org/node/2554145 x_refsource_MISC
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/76431 vdb-entryx_refsource_BID
    http://www.debian.org/security/2015/dsa-3346 vendor-advisoryx_refsource_DEBIAN
    https://www.drupal.org/SA-CORE-2015-003 x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://www.drupal.org/node/2554133 x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2015-08-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:29:24.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2015-14442",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html"
              },
              {
                "name": "FEDORA-2015-14329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html"
              },
              {
                "name": "FEDORA-2015-13915",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html"
              },
              {
                "name": "1033358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1033358"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2554145"
              },
              {
                "name": "FEDORA-2015-14443",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html"
              },
              {
                "name": "FEDORA-2015-13917",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html"
              },
              {
                "name": "76431",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76431"
              },
              {
                "name": "DSA-3346",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3346"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/SA-CORE-2015-003"
              },
              {
                "name": "FEDORA-2015-14444",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2554133"
              },
              {
                "name": "FEDORA-2015-14330",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html"
              },
              {
                "name": "FEDORA-2015-13916",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html"
              },
              {
                "name": "FEDORA-2015-14331",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the \"a\" tag."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-22T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "FEDORA-2015-14442",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html"
            },
            {
              "name": "FEDORA-2015-14329",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html"
            },
            {
              "name": "FEDORA-2015-13915",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html"
            },
            {
              "name": "1033358",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1033358"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.drupal.org/node/2554145"
            },
            {
              "name": "FEDORA-2015-14443",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html"
            },
            {
              "name": "FEDORA-2015-13917",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html"
            },
            {
              "name": "76431",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76431"
            },
            {
              "name": "DSA-3346",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3346"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.drupal.org/SA-CORE-2015-003"
            },
            {
              "name": "FEDORA-2015-14444",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.drupal.org/node/2554133"
            },
            {
              "name": "FEDORA-2015-14330",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html"
            },
            {
              "name": "FEDORA-2015-13916",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html"
            },
            {
              "name": "FEDORA-2015-14331",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-6665",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the \"a\" tag."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2015-14442",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html"
                },
                {
                  "name": "FEDORA-2015-14329",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html"
                },
                {
                  "name": "FEDORA-2015-13915",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html"
                },
                {
                  "name": "1033358",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1033358"
                },
                {
                  "name": "https://www.drupal.org/node/2554145",
                  "refsource": "MISC",
                  "url": "https://www.drupal.org/node/2554145"
                },
                {
                  "name": "FEDORA-2015-14443",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html"
                },
                {
                  "name": "FEDORA-2015-13917",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html"
                },
                {
                  "name": "76431",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/76431"
                },
                {
                  "name": "DSA-3346",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3346"
                },
                {
                  "name": "https://www.drupal.org/SA-CORE-2015-003",
                  "refsource": "CONFIRM",
                  "url": "https://www.drupal.org/SA-CORE-2015-003"
                },
                {
                  "name": "FEDORA-2015-14444",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html"
                },
                {
                  "name": "https://www.drupal.org/node/2554133",
                  "refsource": "CONFIRM",
                  "url": "https://www.drupal.org/node/2554133"
                },
                {
                  "name": "FEDORA-2015-14330",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html"
                },
                {
                  "name": "FEDORA-2015-13916",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html"
                },
                {
                  "name": "FEDORA-2015-14331",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-6665",
        "datePublished": "2015-08-24T14:00:00.000Z",
        "dateReserved": "2015-08-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:29:24.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-4398 (GCVE-0-2015-4398)

    Vulnerability from nvd – Published: 2015-06-16 17:00 – Updated: 2024-08-06 06:11
    VLAI
    Summary
    Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:11:12.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2454885"
              },
              {
                "name": "73224",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/73224"
              },
              {
                "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
              },
              {
                "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2454909"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2454883"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-06-17T17:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.drupal.org/node/2454885"
            },
            {
              "name": "73224",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/73224"
            },
            {
              "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
            },
            {
              "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.drupal.org/node/2454909"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.drupal.org/node/2454883"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-4398",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.drupal.org/node/2454885",
                  "refsource": "CONFIRM",
                  "url": "https://www.drupal.org/node/2454885"
                },
                {
                  "name": "73224",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/73224"
                },
                {
                  "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
                },
                {
                  "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
                },
                {
                  "name": "https://www.drupal.org/node/2454909",
                  "refsource": "MISC",
                  "url": "https://www.drupal.org/node/2454909"
                },
                {
                  "name": "https://www.drupal.org/node/2454883",
                  "refsource": "CONFIRM",
                  "url": "https://www.drupal.org/node/2454883"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-4398",
        "datePublished": "2015-06-16T17:00:00.000Z",
        "dateReserved": "2015-06-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:11:12.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-4375 (GCVE-0-2015-4375)

    Vulnerability from nvd – Published: 2015-06-15 14:00 – Updated: 2024-08-06 06:11
    VLAI
    Summary
    The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:11:12.908Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
              },
              {
                "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2454909"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2454883"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-06-15T13:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
            },
            {
              "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.drupal.org/node/2454909"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.drupal.org/node/2454883"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-4375",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
                },
                {
                  "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
                },
                {
                  "name": "https://www.drupal.org/node/2454909",
                  "refsource": "MISC",
                  "url": "https://www.drupal.org/node/2454909"
                },
                {
                  "name": "https://www.drupal.org/node/2454883",
                  "refsource": "CONFIRM",
                  "url": "https://www.drupal.org/node/2454883"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-4375",
        "datePublished": "2015-06-15T14:00:00.000Z",
        "dateReserved": "2015-06-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:11:12.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1925 (GCVE-0-2013-1925)

    Vulnerability from nvd – Published: 2013-07-16 18:00 – Updated: 2024-08-06 15:20
    VLAI
    Summary
    The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:20:37.211Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/1960406"
              },
              {
                "name": "91986",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/91986"
              },
              {
                "name": "drupal-chaostool-node-security-bypass(83254)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/1960424"
              },
              {
                "name": "20130403 [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2013/Apr/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the \"access content\" permission to read restricted node titles via an autocomplete list."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/1960406"
            },
            {
              "name": "91986",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/91986"
            },
            {
              "name": "drupal-chaostool-node-security-bypass(83254)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://drupal.org/node/1960424"
            },
            {
              "name": "20130403 [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2013/Apr/8"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-1925",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the \"access content\" permission to read restricted node titles via an autocomplete list."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html"
                },
                {
                  "name": "https://drupal.org/node/1960406",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/1960406"
                },
                {
                  "name": "91986",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/91986"
                },
                {
                  "name": "drupal-chaostool-node-security-bypass(83254)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254"
                },
                {
                  "name": "https://drupal.org/node/1960424",
                  "refsource": "CONFIRM",
                  "url": "https://drupal.org/node/1960424"
                },
                {
                  "name": "20130403 [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2013/Apr/8"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-1925",
        "datePublished": "2013-07-16T18:00:00.000Z",
        "dateReserved": "2013-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:20:37.211Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5559 (GCVE-0-2012-5559)

    Vulnerability from nvd – Published: 2012-12-03 21:00 – Updated: 2024-08-06 21:14
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupal.org/node/1840992 x_refsource_MISC
    http://drupal.org/node/1841030 x_refsource_CONFIRM
    http://secunia.com/advisories/51259 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/11/20/4 mailing-listx_refsource_MLIST
    Date Public
    2012-11-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:16.313Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1840992"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1841030"
              },
              {
                "name": "51259",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51259"
              },
              {
                "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-07-03T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1840992"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1841030"
            },
            {
              "name": "51259",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51259"
            },
            {
              "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5559",
        "datePublished": "2012-12-03T21:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:14:16.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2082 (GCVE-0-2012-2082)

    Vulnerability from nvd – Published: 2012-08-14 23:00 – Updated: 2024-08-06 19:17
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/48616 third-party-advisoryx_refsource_SECUNIA
    http://drupalcode.org/project/ctools.git/commit/755b3c4 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/52794 vdb-entryx_refsource_BID
    http://osvdb.org/80679 vdb-entryx_refsource_OSVDB
    http://drupal.org/node/1507466 x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://drupal.org/node/1507412 x_refsource_CONFIRM
    Date Public
    2012-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:17:27.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "48616",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48616"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/ctools.git/commit/755b3c4"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "name": "52794",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52794"
              },
              {
                "name": "80679",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80679"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1507466"
              },
              {
                "name": "drupal-chaos-unspecified-xss(74481)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74481"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1507412"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "48616",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48616"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/ctools.git/commit/755b3c4"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "52794",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52794"
            },
            {
              "name": "80679",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80679"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1507466"
            },
            {
              "name": "drupal-chaos-unspecified-xss(74481)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74481"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1507412"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-2082",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "48616",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48616"
                },
                {
                  "name": "http://drupalcode.org/project/ctools.git/commit/755b3c4",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/ctools.git/commit/755b3c4"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "52794",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52794"
                },
                {
                  "name": "80679",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80679"
                },
                {
                  "name": "http://drupal.org/node/1507466",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1507466"
                },
                {
                  "name": "drupal-chaos-unspecified-xss(74481)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74481"
                },
                {
                  "name": "http://drupal.org/node/1507412",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1507412"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-2082",
        "datePublished": "2012-08-14T23:00:00.000Z",
        "dateReserved": "2012-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:17:27.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2010 (GCVE-0-2010-2010)

    Vulnerability from nvd – Published: 2010-05-21 20:00 – Updated: 2024-08-07 02:17
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/39884 third-party-advisoryx_refsource_SECUNIA
    http://drupal.org/node/803944 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/40285 vdb-entryx_refsource_BID
    Date Public
    2010-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:17:13.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "chaos-tool-titles-xss(58721)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
              },
              {
                "name": "39884",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39884"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/803944"
              },
              {
                "name": "40285",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40285"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "chaos-tool-titles-xss(58721)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
            },
            {
              "name": "39884",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39884"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/803944"
            },
            {
              "name": "40285",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40285"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "chaos-tool-titles-xss(58721)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
                },
                {
                  "name": "39884",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39884"
                },
                {
                  "name": "http://drupal.org/node/803944",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/803944"
                },
                {
                  "name": "40285",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40285"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2010",
        "datePublished": "2010-05-21T20:00:00.000Z",
        "dateReserved": "2010-05-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:17:13.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1548 (GCVE-0-2010-1548)

    Vulnerability from nvd – Published: 2010-05-21 20:00 – Updated: 2024-08-07 01:28
    VLAI
    Summary
    The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node's title.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/39884 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://seclists.org/fulldisclosure/2010/May/272 mailing-listx_refsource_FULLDISC
    http://drupal.org/node/803944 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/40285 vdb-entryx_refsource_BID
    http://www.madirish.net/?article=458 x_refsource_MISC
    Date Public
    2010-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:28:41.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "39884",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39884"
              },
              {
                "name": "chaos-tool-permissions-sec-bypass(58724)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58724"
              },
              {
                "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2010/May/272"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/803944"
              },
              {
                "name": "40285",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40285"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/?article=458"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with \"access content\" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node\u0027s title."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "39884",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39884"
            },
            {
              "name": "chaos-tool-permissions-sec-bypass(58724)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58724"
            },
            {
              "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2010/May/272"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/803944"
            },
            {
              "name": "40285",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40285"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/?article=458"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1548",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with \"access content\" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node\u0027s title."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "39884",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39884"
                },
                {
                  "name": "chaos-tool-permissions-sec-bypass(58724)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58724"
                },
                {
                  "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2010/May/272"
                },
                {
                  "name": "http://drupal.org/node/803944",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/803944"
                },
                {
                  "name": "40285",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40285"
                },
                {
                  "name": "http://www.madirish.net/?article=458",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/?article=458"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1548",
        "datePublished": "2010-05-21T20:00:00.000Z",
        "dateReserved": "2010-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:28:41.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1547 (GCVE-0-2010-1547)

    Vulnerability from nvd – Published: 2010-05-21 20:00 – Updated: 2024-08-07 01:28
    VLAI
    Summary
    Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/39884 third-party-advisoryx_refsource_SECUNIA
    http://seclists.org/fulldisclosure/2010/May/272 mailing-listx_refsource_FULLDISC
    http://drupal.org/node/803944 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/40285 vdb-entryx_refsource_BID
    http://www.madirish.net/?article=458 x_refsource_MISC
    Date Public
    2010-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:28:42.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "chaos-tool-unspecified-csrf(58722)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58722"
              },
              {
                "name": "39884",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39884"
              },
              {
                "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2010/May/272"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/803944"
              },
              {
                "name": "40285",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40285"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/?article=458"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "chaos-tool-unspecified-csrf(58722)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58722"
            },
            {
              "name": "39884",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39884"
            },
            {
              "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2010/May/272"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/803944"
            },
            {
              "name": "40285",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40285"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/?article=458"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1547",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "chaos-tool-unspecified-csrf(58722)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58722"
                },
                {
                  "name": "39884",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39884"
                },
                {
                  "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2010/May/272"
                },
                {
                  "name": "http://drupal.org/node/803944",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/803944"
                },
                {
                  "name": "40285",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40285"
                },
                {
                  "name": "http://www.madirish.net/?article=458",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/?article=458"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1547",
        "datePublished": "2010-05-21T20:00:00.000Z",
        "dateReserved": "2010-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:28:42.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1546 (GCVE-0-2010-1546)

    Vulnerability from nvd – Published: 2010-05-21 20:00 – Updated: 2024-08-07 01:28
    VLAI
    Summary
    Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2010-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:28:41.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10"
              },
              {
                "name": "39884",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39884"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log"
              },
              {
                "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2010/May/272"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/803944"
              },
              {
                "name": "chaos-tool-import-code-execution(58723)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58723"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7"
              },
              {
                "name": "40285",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40285"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/?article=458"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with \"administer page manager\" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10"
            },
            {
              "name": "39884",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39884"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log"
            },
            {
              "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2010/May/272"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/803944"
            },
            {
              "name": "chaos-tool-import-code-execution(58723)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58723"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7"
            },
            {
              "name": "40285",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40285"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/?article=458"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with \"administer page manager\" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log"
                },
                {
                  "name": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10"
                },
                {
                  "name": "39884",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39884"
                },
                {
                  "name": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log"
                },
                {
                  "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2010/May/272"
                },
                {
                  "name": "http://drupal.org/node/803944",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/803944"
                },
                {
                  "name": "chaos-tool-import-code-execution(58723)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58723"
                },
                {
                  "name": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7"
                },
                {
                  "name": "40285",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40285"
                },
                {
                  "name": "http://www.madirish.net/?article=458",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/?article=458"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1546",
        "datePublished": "2010-05-21T20:00:00.000Z",
        "dateReserved": "2010-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:28:41.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7875 (GCVE-0-2015-7875)

    Vulnerability from cvelistv5 – Published: 2017-08-07 17:00 – Updated: 2024-08-06 08:06
    VLAI
    Summary
    ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.drupal.org/node/2554145 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2015/10/21/2 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/76441 vdb-entryx_refsource_BID
    Date Public
    2015-08-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:06:30.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2554145"
              },
              {
                "name": "[oss-security] 20151021 Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/10/21/2"
              },
              {
                "name": "76441",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76441"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the \"edit\" permission for the \"content type\" plugins that are used on Panels and similar systems to place content and functionality on a page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.drupal.org/node/2554145"
            },
            {
              "name": "[oss-security] 20151021 Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/21/2"
            },
            {
              "name": "76441",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76441"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7875",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the \"edit\" permission for the \"content type\" plugins that are used on Panels and similar systems to place content and functionality on a page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.drupal.org/node/2554145",
                  "refsource": "CONFIRM",
                  "url": "https://www.drupal.org/node/2554145"
                },
                {
                  "name": "[oss-security] 20151021 Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/10/21/2"
                },
                {
                  "name": "76441",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/76441"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7875",
        "datePublished": "2017-08-07T17:00:00.000Z",
        "dateReserved": "2015-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:06:30.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-6665 (GCVE-0-2015-6665)

    Vulnerability from cvelistv5 – Published: 2015-08-24 14:00 – Updated: 2024-08-06 07:29
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securitytracker.com/id/1033358 vdb-entryx_refsource_SECTRACK
    https://www.drupal.org/node/2554145 x_refsource_MISC
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/76431 vdb-entryx_refsource_BID
    http://www.debian.org/security/2015/dsa-3346 vendor-advisoryx_refsource_DEBIAN
    https://www.drupal.org/SA-CORE-2015-003 x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://www.drupal.org/node/2554133 x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2015-08-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:29:24.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2015-14442",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html"
              },
              {
                "name": "FEDORA-2015-14329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html"
              },
              {
                "name": "FEDORA-2015-13915",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html"
              },
              {
                "name": "1033358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1033358"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2554145"
              },
              {
                "name": "FEDORA-2015-14443",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html"
              },
              {
                "name": "FEDORA-2015-13917",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html"
              },
              {
                "name": "76431",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76431"
              },
              {
                "name": "DSA-3346",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3346"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/SA-CORE-2015-003"
              },
              {
                "name": "FEDORA-2015-14444",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2554133"
              },
              {
                "name": "FEDORA-2015-14330",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html"
              },
              {
                "name": "FEDORA-2015-13916",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html"
              },
              {
                "name": "FEDORA-2015-14331",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the \"a\" tag."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-22T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "FEDORA-2015-14442",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html"
            },
            {
              "name": "FEDORA-2015-14329",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html"
            },
            {
              "name": "FEDORA-2015-13915",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html"
            },
            {
              "name": "1033358",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1033358"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.drupal.org/node/2554145"
            },
            {
              "name": "FEDORA-2015-14443",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html"
            },
            {
              "name": "FEDORA-2015-13917",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html"
            },
            {
              "name": "76431",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76431"
            },
            {
              "name": "DSA-3346",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3346"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.drupal.org/SA-CORE-2015-003"
            },
            {
              "name": "FEDORA-2015-14444",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.drupal.org/node/2554133"
            },
            {
              "name": "FEDORA-2015-14330",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html"
            },
            {
              "name": "FEDORA-2015-13916",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html"
            },
            {
              "name": "FEDORA-2015-14331",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-6665",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the \"a\" tag."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2015-14442",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html"
                },
                {
                  "name": "FEDORA-2015-14329",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html"
                },
                {
                  "name": "FEDORA-2015-13915",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html"
                },
                {
                  "name": "1033358",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1033358"
                },
                {
                  "name": "https://www.drupal.org/node/2554145",
                  "refsource": "MISC",
                  "url": "https://www.drupal.org/node/2554145"
                },
                {
                  "name": "FEDORA-2015-14443",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html"
                },
                {
                  "name": "FEDORA-2015-13917",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html"
                },
                {
                  "name": "76431",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/76431"
                },
                {
                  "name": "DSA-3346",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3346"
                },
                {
                  "name": "https://www.drupal.org/SA-CORE-2015-003",
                  "refsource": "CONFIRM",
                  "url": "https://www.drupal.org/SA-CORE-2015-003"
                },
                {
                  "name": "FEDORA-2015-14444",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html"
                },
                {
                  "name": "https://www.drupal.org/node/2554133",
                  "refsource": "CONFIRM",
                  "url": "https://www.drupal.org/node/2554133"
                },
                {
                  "name": "FEDORA-2015-14330",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html"
                },
                {
                  "name": "FEDORA-2015-13916",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html"
                },
                {
                  "name": "FEDORA-2015-14331",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-6665",
        "datePublished": "2015-08-24T14:00:00.000Z",
        "dateReserved": "2015-08-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:29:24.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-4398 (GCVE-0-2015-4398)

    Vulnerability from cvelistv5 – Published: 2015-06-16 17:00 – Updated: 2024-08-06 06:11
    VLAI
    Summary
    Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:11:12.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2454885"
              },
              {
                "name": "73224",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/73224"
              },
              {
                "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
              },
              {
                "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2454909"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2454883"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-06-17T17:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.drupal.org/node/2454885"
            },
            {
              "name": "73224",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/73224"
            },
            {
              "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
            },
            {
              "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.drupal.org/node/2454909"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.drupal.org/node/2454883"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-4398",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.drupal.org/node/2454885",
                  "refsource": "CONFIRM",
                  "url": "https://www.drupal.org/node/2454885"
                },
                {
                  "name": "73224",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/73224"
                },
                {
                  "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
                },
                {
                  "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
                },
                {
                  "name": "https://www.drupal.org/node/2454909",
                  "refsource": "MISC",
                  "url": "https://www.drupal.org/node/2454909"
                },
                {
                  "name": "https://www.drupal.org/node/2454883",
                  "refsource": "CONFIRM",
                  "url": "https://www.drupal.org/node/2454883"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-4398",
        "datePublished": "2015-06-16T17:00:00.000Z",
        "dateReserved": "2015-06-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:11:12.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-4375 (GCVE-0-2015-4375)

    Vulnerability from cvelistv5 – Published: 2015-06-15 14:00 – Updated: 2024-08-06 06:11
    VLAI
    Summary
    The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:11:12.908Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
              },
              {
                "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2454909"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/node/2454883"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-06-15T13:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
            },
            {
              "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.drupal.org/node/2454909"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.drupal.org/node/2454883"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-4375",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"
                },
                {
                  "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
                },
                {
                  "name": "https://www.drupal.org/node/2454909",
                  "refsource": "MISC",
                  "url": "https://www.drupal.org/node/2454909"
                },
                {
                  "name": "https://www.drupal.org/node/2454883",
                  "refsource": "CONFIRM",
                  "url": "https://www.drupal.org/node/2454883"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-4375",
        "datePublished": "2015-06-15T14:00:00.000Z",
        "dateReserved": "2015-06-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:11:12.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1925 (GCVE-0-2013-1925)

    Vulnerability from cvelistv5 – Published: 2013-07-16 18:00 – Updated: 2024-08-06 15:20
    VLAI
    Summary
    The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:20:37.211Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/1960406"
              },
              {
                "name": "91986",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/91986"
              },
              {
                "name": "drupal-chaostool-node-security-bypass(83254)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/1960424"
              },
              {
                "name": "20130403 [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2013/Apr/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the \"access content\" permission to read restricted node titles via an autocomplete list."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/1960406"
            },
            {
              "name": "91986",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/91986"
            },
            {
              "name": "drupal-chaostool-node-security-bypass(83254)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://drupal.org/node/1960424"
            },
            {
              "name": "20130403 [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2013/Apr/8"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-1925",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the \"access content\" permission to read restricted node titles via an autocomplete list."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html"
                },
                {
                  "name": "https://drupal.org/node/1960406",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/1960406"
                },
                {
                  "name": "91986",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/91986"
                },
                {
                  "name": "drupal-chaostool-node-security-bypass(83254)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254"
                },
                {
                  "name": "https://drupal.org/node/1960424",
                  "refsource": "CONFIRM",
                  "url": "https://drupal.org/node/1960424"
                },
                {
                  "name": "20130403 [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2013/Apr/8"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-1925",
        "datePublished": "2013-07-16T18:00:00.000Z",
        "dateReserved": "2013-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:20:37.211Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5559 (GCVE-0-2012-5559)

    Vulnerability from cvelistv5 – Published: 2012-12-03 21:00 – Updated: 2024-08-06 21:14
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupal.org/node/1840992 x_refsource_MISC
    http://drupal.org/node/1841030 x_refsource_CONFIRM
    http://secunia.com/advisories/51259 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/11/20/4 mailing-listx_refsource_MLIST
    Date Public
    2012-11-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:16.313Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1840992"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1841030"
              },
              {
                "name": "51259",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51259"
              },
              {
                "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-07-03T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1840992"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1841030"
            },
            {
              "name": "51259",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51259"
            },
            {
              "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5559",
        "datePublished": "2012-12-03T21:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:14:16.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2082 (GCVE-0-2012-2082)

    Vulnerability from cvelistv5 – Published: 2012-08-14 23:00 – Updated: 2024-08-06 19:17
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/48616 third-party-advisoryx_refsource_SECUNIA
    http://drupalcode.org/project/ctools.git/commit/755b3c4 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/52794 vdb-entryx_refsource_BID
    http://osvdb.org/80679 vdb-entryx_refsource_OSVDB
    http://drupal.org/node/1507466 x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://drupal.org/node/1507412 x_refsource_CONFIRM
    Date Public
    2012-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:17:27.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "48616",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48616"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/ctools.git/commit/755b3c4"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "name": "52794",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52794"
              },
              {
                "name": "80679",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80679"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1507466"
              },
              {
                "name": "drupal-chaos-unspecified-xss(74481)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74481"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1507412"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "48616",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48616"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/ctools.git/commit/755b3c4"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "52794",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52794"
            },
            {
              "name": "80679",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80679"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1507466"
            },
            {
              "name": "drupal-chaos-unspecified-xss(74481)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74481"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1507412"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-2082",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "48616",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48616"
                },
                {
                  "name": "http://drupalcode.org/project/ctools.git/commit/755b3c4",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/ctools.git/commit/755b3c4"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "52794",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52794"
                },
                {
                  "name": "80679",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80679"
                },
                {
                  "name": "http://drupal.org/node/1507466",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1507466"
                },
                {
                  "name": "drupal-chaos-unspecified-xss(74481)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74481"
                },
                {
                  "name": "http://drupal.org/node/1507412",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1507412"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-2082",
        "datePublished": "2012-08-14T23:00:00.000Z",
        "dateReserved": "2012-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:17:27.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1548 (GCVE-0-2010-1548)

    Vulnerability from cvelistv5 – Published: 2010-05-21 20:00 – Updated: 2024-08-07 01:28
    VLAI
    Summary
    The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node's title.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/39884 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://seclists.org/fulldisclosure/2010/May/272 mailing-listx_refsource_FULLDISC
    http://drupal.org/node/803944 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/40285 vdb-entryx_refsource_BID
    http://www.madirish.net/?article=458 x_refsource_MISC
    Date Public
    2010-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:28:41.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "39884",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39884"
              },
              {
                "name": "chaos-tool-permissions-sec-bypass(58724)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58724"
              },
              {
                "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2010/May/272"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/803944"
              },
              {
                "name": "40285",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40285"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/?article=458"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with \"access content\" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node\u0027s title."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "39884",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39884"
            },
            {
              "name": "chaos-tool-permissions-sec-bypass(58724)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58724"
            },
            {
              "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2010/May/272"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/803944"
            },
            {
              "name": "40285",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40285"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/?article=458"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1548",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with \"access content\" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node\u0027s title."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "39884",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39884"
                },
                {
                  "name": "chaos-tool-permissions-sec-bypass(58724)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58724"
                },
                {
                  "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2010/May/272"
                },
                {
                  "name": "http://drupal.org/node/803944",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/803944"
                },
                {
                  "name": "40285",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40285"
                },
                {
                  "name": "http://www.madirish.net/?article=458",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/?article=458"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1548",
        "datePublished": "2010-05-21T20:00:00.000Z",
        "dateReserved": "2010-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:28:41.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2010 (GCVE-0-2010-2010)

    Vulnerability from cvelistv5 – Published: 2010-05-21 20:00 – Updated: 2024-08-07 02:17
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/39884 third-party-advisoryx_refsource_SECUNIA
    http://drupal.org/node/803944 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/40285 vdb-entryx_refsource_BID
    Date Public
    2010-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:17:13.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "chaos-tool-titles-xss(58721)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
              },
              {
                "name": "39884",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39884"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/803944"
              },
              {
                "name": "40285",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40285"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "chaos-tool-titles-xss(58721)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
            },
            {
              "name": "39884",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39884"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/803944"
            },
            {
              "name": "40285",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40285"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "chaos-tool-titles-xss(58721)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
                },
                {
                  "name": "39884",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39884"
                },
                {
                  "name": "http://drupal.org/node/803944",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/803944"
                },
                {
                  "name": "40285",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40285"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2010",
        "datePublished": "2010-05-21T20:00:00.000Z",
        "dateReserved": "2010-05-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:17:13.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1546 (GCVE-0-2010-1546)

    Vulnerability from cvelistv5 – Published: 2010-05-21 20:00 – Updated: 2024-08-07 01:28
    VLAI
    Summary
    Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2010-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:28:41.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10"
              },
              {
                "name": "39884",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39884"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log"
              },
              {
                "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2010/May/272"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/803944"
              },
              {
                "name": "chaos-tool-import-code-execution(58723)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58723"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7"
              },
              {
                "name": "40285",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40285"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/?article=458"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with \"administer page manager\" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10"
            },
            {
              "name": "39884",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39884"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log"
            },
            {
              "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2010/May/272"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/803944"
            },
            {
              "name": "chaos-tool-import-code-execution(58723)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58723"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7"
            },
            {
              "name": "40285",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40285"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/?article=458"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with \"administer page manager\" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log"
                },
                {
                  "name": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9\u0026r2=1.27.2.10"
                },
                {
                  "name": "39884",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39884"
                },
                {
                  "name": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log"
                },
                {
                  "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2010/May/272"
                },
                {
                  "name": "http://drupal.org/node/803944",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/803944"
                },
                {
                  "name": "chaos-tool-import-code-execution(58723)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58723"
                },
                {
                  "name": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6\u0026r2=1.18.2.7"
                },
                {
                  "name": "40285",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40285"
                },
                {
                  "name": "http://www.madirish.net/?article=458",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/?article=458"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1546",
        "datePublished": "2010-05-21T20:00:00.000Z",
        "dateReserved": "2010-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:28:41.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1547 (GCVE-0-2010-1547)

    Vulnerability from cvelistv5 – Published: 2010-05-21 20:00 – Updated: 2024-08-07 01:28
    VLAI
    Summary
    Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/39884 third-party-advisoryx_refsource_SECUNIA
    http://seclists.org/fulldisclosure/2010/May/272 mailing-listx_refsource_FULLDISC
    http://drupal.org/node/803944 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/40285 vdb-entryx_refsource_BID
    http://www.madirish.net/?article=458 x_refsource_MISC
    Date Public
    2010-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:28:42.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "chaos-tool-unspecified-csrf(58722)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58722"
              },
              {
                "name": "39884",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39884"
              },
              {
                "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2010/May/272"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/803944"
              },
              {
                "name": "40285",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40285"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/?article=458"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "chaos-tool-unspecified-csrf(58722)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58722"
            },
            {
              "name": "39884",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39884"
            },
            {
              "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2010/May/272"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/803944"
            },
            {
              "name": "40285",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40285"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/?article=458"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1547",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "chaos-tool-unspecified-csrf(58722)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58722"
                },
                {
                  "name": "39884",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39884"
                },
                {
                  "name": "20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2010/May/272"
                },
                {
                  "name": "http://drupal.org/node/803944",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/803944"
                },
                {
                  "name": "40285",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40285"
                },
                {
                  "name": "http://www.madirish.net/?article=458",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/?article=458"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1547",
        "datePublished": "2010-05-21T20:00:00.000Z",
        "dateReserved": "2010-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:28:42.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }