117 matches found
[SECURITY] Fedora 21 Update: drupal6-ctools-1.14-1.fc21
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...
[SECURITY] Fedora 23 Update: drupal6-ctools-1.14-1.fc23
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...
Drupal Ajax Handler and Ctools Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Ajax handler is one of the modules used to handle Ajax requests.Ctools Chaos tool suite is one of the API modules used to improve the development experience. A cross-site scripting...
Drupal Ctools Module Security Bypass Vulnerability
Drupal is a free and open source content management system developed in PHP. ctools is one of the API modules used to improve the development experience. A cross-site scripting vulnerability exists in the Drupal Ctools module that could be exploited by remote attackers to bypass security...
CVE-2015-6665
Cross-site scripting XSS vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag...
CVE-2015-6665
Cross-site scripting XSS vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag...
Cross site scripting
Cross-site scripting XSS vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag...
UBUNTU-CVE-2015-6665
Cross-site scripting XSS vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag...
CVE-2015-6665
CVE-2015-6665 affects Drupal 7.x up to version 7.39 and the Ctools module 6.x up to 6.x-1.14. The XSS flaw resides in the Ajax handler, allowing remote attackers to inject arbitrary scripts/HTML via a whitelisted HTML element (potentially the A tag). Remediation: upgrade to Drupal 7.39 and Ctools...
CVE-2015-6665
Cross-site scripting XSS vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag...
CVE-2015-6665
Removed by vendor...
Drupal Ctools Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. ctools is one of the API modules used to improve the development experience. A cross-site scripting vulnerability exists in the Drupal Ctools module, which allows remote attackers to exploit the vulnerability to inject...
Ctools - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-141
Cross Site Scripting XSS Ctools in Drupal 6 provides a number of APIs and extensions for Drupal, and is a dependency for many of the most popular modules, including Views, Panels and Entityreference. Many features introduced in Drupal Core once lived in ctools. This vulnerability can be mitigated...
Fedora Update for drupal7-ctools FEDORA-2015-4312
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-4398
CVE-2015-4398 is an open redirect vulnerability in the Chaos Tool Suite (ctools) Drupal module. Affected versions are CTools 6.x-1.x prior to 6.x-1.12 and 7.x-1.x prior to 7.x-1.7. The root cause is improper sanitization of URLs processed on confirmation delete pages, enabling remote attackers to...
Design/Logic Flaw
The Chaos tool suite ctools module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via 1 an autocomplete search on custom entities without an access query tag or 2 leveraging knowledge of the ID of an entity...
CVE-2015-4375
The CVE-2015-4375 vulnerability affects the Chaos tool suite (ctools) module for Drupal (7.x-1.x prior to 7.x-1.7 and 6.x-1.x prior to 6.x-1.12). It enables remote attackers to obtain sensitive node titles via two attack paths: (1) an autocomplete search on custom entities without an access query...
Fedora 22 : drupal7-ctools-1.7-1.fc22 (2015-4312)
Update to upstream 1.7 release for security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 21 : drupal7-ctools-1.7-1.fc21 (2015-4284)
Update to upstream 1.7 release for security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 20 : drupal7-ctools-1.7-1.fc20 (2015-4280)
Update to upstream 1.7 release for security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...