VYPR

Ctools

by Drupal

CVEs (3)

  • CVE-2015-7875HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.01

    ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.

  • CVE-2015-6665Aug 24, 2015
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to…

  • CVE-2015-4375Jun 15, 2015
    risk 0.00cvss epss 0.01

    The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.