Chaos Tool Suite Project Ctools — known CVE vulnerabilities
Every CVE whose affected-product data names Chaos Tool Suite Project Ctools, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2015-7875 — CVSS 7.5 (high): ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins…
CVE-2010-1547 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow…
CVE-2010-1546 — CVSS 6.0 (medium): Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for…
CVE-2015-4398 — CVSS 5.8 (medium): Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote…
CVE-2010-2010 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote…
CVE-2015-4375 — CVSS 4.3 (medium): The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an…
CVE-2015-6665 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for…
CVE-2010-1548 — CVSS 3.5 (low): The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access…
CVE-2013-1925 — CVSS 3.5 (low): The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote…
CVE-2012-5559 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10…
CVE-2012-2082 — CVSS 2.1 (low): Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote…