Fedora 18 : drupal6-ctools-1.10-1.fc18 (2012-19508)

New security fix, http://drupal.org/node/1841030. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 17 : drupal6-ctools-1.10-1.fc17 (2012-19464)

New security release, http://drupal.org/node/1841030. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVE-2012-5559

Cross-site scripting XSS vulnerability in the page manager node view task in the Chaos tool suite ctools module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title...

CVE-2012-5559

CVE-2012-5559: Drupal ctools 6.x-1.x before 6.x-1.10 contains a cross-site scripting (XSS) vulnerability in the page manager node view task, exploitable by remote authenticated users with permissions to submit or edit nodes to inject arbitrary script via the page title. Fedora advisories and Drup...

SA-CONTRIB-2012-165 - Chaos tool suite (ctools) - Cross Site Scripting (XSS)

The Chaos tool suite is primarily a set of APIs and tools to improve the developer experience. The page manager node view task does not sufficiently escape node titles when setting the page title, allowing XSS. This vulnerability is partially mitigate by the node task being disabled by default an...