CVE-2012-2082

Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature.

Published: Aug 15, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-2082
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:N/AC:H/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
chaos_tool_suite_project / ctools	7.x-1.0-beta1	7.x-1.0-beta1.x
chaos_tool_suite_project / ctools	7.x-1.0-rc1	7.x-1.0-rc1.x
chaos_tool_suite_project / ctools	7.x-1.0-alpha1	7.x-1.0-alpha1.x
chaos_tool_suite_project / ctools	7.x-1.x-dev	7.x-1.x-dev.x
chaos_tool_suite_project / ctools	7.x-1.0-alpha2	7.x-1.0-alpha2.x
chaos_tool_suite_project / ctools	7.x-1.0-alpha3	7.x-1.0-alpha3.x
chaos_tool_suite_project / ctools	7.x-1.0-rc2	7.x-1.0-rc2.x
chaos_tool_suite_project / ctools	7.x-1.0-alpha4	7.x-1.0-alpha4.x

Vulnerability Database

290,206

CVE-2012-2082