CVE-2012-2082

Name of the Vulnerable Software and Affected Versions Chaos tool suite (aka CTools) module versions 7.x-1.x before 7.x-1.0

Description The issue allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature, which is a cross-site scripting (XSS) vulnerability.

Recommendations For Chaos tool suite (aka CTools) module versions 7.x-1.x before 7.x-1.0, update to version 7.x-1.0 or later to resolve the issue. As a temporary workaround, consider restricting the post comments permission to minimize the risk of exploitation.