Search criteria
12 vulnerabilities found for monster_menus by monster_menus_module_project
FKIE_CVE-2015-8095
Vulnerability from fkie_nvd - Published: 2015-11-09 16:59 - Updated: 2025-08-27 15:51
Severity ?
Summary
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.drupal.org/node/2608382 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.drupal.org/node/2608414 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.drupal.org/node/2608382 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.drupal.org/node/2608414 | Patch |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "387079CC-E29E-42B4-BA96-0D9DEB02C247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "897362CE-78ED-4177-B0A8-0164C5B9D9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA56DCD2-95DB-4D0B-80F1-40F5FF77D7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA35F41F-D978-49CC-B17B-44CB652D9FBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E4A68B-0860-4FD6-AA7F-153E077ED4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1F27FE-41BD-4222-9CCC-99D196B358D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B953F1B9-C93B-43C4-A338-A75C58F5C749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AB532078-695C-4F2F-AD63-DD45857B3E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6188C115-D99D-4351-BB12-360DEA370484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7EB7F5-DE00-4D0E-AC40-CFC18A077038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "24AD0E1B-9BBD-4A48-BDBA-082A7F478806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBD2FD9-8746-4C5C-BD3E-4D93D7B0FD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "51618882-CE6A-4804-A1B2-A3AD52A1F1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9894E1D1-AA71-405D-B4B5-4A6B696C4E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DF17133C-D794-427D-9AC7-A056BEAEF0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "634CC479-34BD-4BB2-A699-F7DD397EA329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F7026C4A-B35F-43FA-B444-4C884B1A0F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC19D80-685A-4AD0-92B2-C812E0CE817D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A63D7CE8-CDAD-4805-8FCC-5361922B2874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "CD7D0663-1FF3-4329-8599-3DC5BBB0CBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FABABD66-B867-4C9C-B575-F33F1E17AA54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A17AF67D-1D14-45FA-8CE7-3735130199BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E64EDB3F-6297-4777-989D-F9EF9D73D206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D2DDE6-6AB8-4BB2-8B3E-767BA2162C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "1D3010D1-A70C-4D77-8679-61CA9D8BD7B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
},
{
"lang": "es",
"value": "La funcionalidad recycle bin en el m\u00f3dulo Monster Menus 7.x-1.21 en versiones anteriores a 7.x-1.24 para Drupal no elimina correctamente los nodos de la vista, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un patr\u00f3n URL no especificado."
}
],
"id": "CVE-2015-8095",
"lastModified": "2025-08-27T15:51:13.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-09T16:59:12.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.drupal.org/node/2608382"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2608414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.drupal.org/node/2608382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2608414"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4504
Vulnerability from fkie_nvd - Published: 2014-05-13 15:55 - Updated: 2025-08-27 15:51
Severity ?
Summary
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| monster_menus_project | monster_menus | 7.x-1.0 | |
| monster_menus_project | monster_menus | 7.x-1.1 | |
| monster_menus_project | monster_menus | 7.x-1.2 | |
| monster_menus_project | monster_menus | 7.x-1.3 | |
| monster_menus_project | monster_menus | 7.x-1.4 | |
| monster_menus_project | monster_menus | 7.x-1.5 | |
| monster_menus_project | monster_menus | 7.x-1.6 | |
| monster_menus_project | monster_menus | 7.x-1.7 | |
| monster_menus_project | monster_menus | 7.x-1.8 | |
| monster_menus_project | monster_menus | 7.x-1.9 | |
| monster_menus_project | monster_menus | 7.x-1.10 | |
| monster_menus_project | monster_menus | 7.x-1.11 | |
| monster_menus_project | monster_menus | 7.x-1.12 | |
| monster_menus_project | monster_menus | 7.x-1.13 | |
| monster_menus_project | monster_menus | 7.x-1.14 | |
| monster_menus_project | monster_menus | 7.x-1.x | |
| drupal | drupal | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "387079CC-E29E-42B4-BA96-0D9DEB02C247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "897362CE-78ED-4177-B0A8-0164C5B9D9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA56DCD2-95DB-4D0B-80F1-40F5FF77D7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA35F41F-D978-49CC-B17B-44CB652D9FBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E4A68B-0860-4FD6-AA7F-153E077ED4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1F27FE-41BD-4222-9CCC-99D196B358D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B953F1B9-C93B-43C4-A338-A75C58F5C749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AB532078-695C-4F2F-AD63-DD45857B3E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6188C115-D99D-4351-BB12-360DEA370484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7EB7F5-DE00-4D0E-AC40-CFC18A077038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "24AD0E1B-9BBD-4A48-BDBA-082A7F478806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBD2FD9-8746-4C5C-BD3E-4D93D7B0FD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "51618882-CE6A-4804-A1B2-A3AD52A1F1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9894E1D1-AA71-405D-B4B5-4A6B696C4E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DF17133C-D794-427D-9AC7-A056BEAEF0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "1D3010D1-A70C-4D77-8679-61CA9D8BD7B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
},
{
"lang": "es",
"value": "El m\u00f3dulo Monster Menus 7.x-1.x anterior a 7.x-1.15 permite a atacantes remotos leer comentarios de nodo arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2013-4504",
"lastModified": "2025-08-27T15:51:13.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-13T15:55:04.280",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2013/q4/210"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2123287"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://drupal.org/node/2124289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2123287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://drupal.org/node/2124289"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4230
Vulnerability from fkie_nvd - Published: 2013-08-21 14:55 - Updated: 2025-08-27 15:51
Severity ?
Summary
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "F426D106-1E21-4B71-A2D2-5AB534FEEB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B28206EB-06A3-45CE-8B38-03EDE9279D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBF1A73-BD2E-418A-8CD0-32B74482A221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.24:*:*:*:*:*:*:*",
"matchCriteriaId": "7C798EE3-7EA7-4457-A539-C891AAF37E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "29B8ECF1-EA3E-43C7-A6C3-818351E1579F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "2A0512B8-57EA-400C-B618-327D6066837B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "0B29FC23-67BB-481E-850B-83789B407739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.29:*:*:*:*:*:*:*",
"matchCriteriaId": "7F12720B-1ECF-47E0-A33A-ED218DDBEFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.30:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9C5D7C-72A3-43BF-A49F-543DE1E95655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.31:*:*:*:*:*:*:*",
"matchCriteriaId": "FBB5BA55-18FF-4F85-82FF-341B2AB63329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "7C0423D2-84E9-43E9-A852-CBED9C374FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.33:*:*:*:*:*:*:*",
"matchCriteriaId": "CD47CB10-720A-4DD1-91C6-FF91E1AE89D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.34:*:*:*:*:*:*:*",
"matchCriteriaId": "551794E1-335D-4047-9608-E4C49D8E1B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.35:*:*:*:*:*:*:*",
"matchCriteriaId": "0497A854-D018-4F6F-B49F-1FDC71775F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6B30C1CD-935C-4078-92E1-8B69567658B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.37:*:*:*:*:*:*:*",
"matchCriteriaId": "FE792197-F358-43E2-AEEF-347665146DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.38:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7E4CB2-EA83-4485-8490-4EF234BBEB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8426E0A7-90D5-4F48-B332-E958BB099664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.42:*:*:*:*:*:*:*",
"matchCriteriaId": "063EB9F8-7FCF-4B90-A8FA-807DB9DA6FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.43:*:*:*:*:*:*:*",
"matchCriteriaId": "56DF7730-8F6E-4033-A507-BC58F819053B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.44:*:*:*:*:*:*:*",
"matchCriteriaId": "77F65135-F653-4123-A565-74DCFE4066AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.48:*:*:*:*:*:*:*",
"matchCriteriaId": "7BBA6B8B-BE22-41B8-9AE2-2EDB7DBFF6D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "B8222F8A-E34B-43A0-BFB4-3FEC562FE863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.56:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7B6ABF-E64F-4FFA-9002-315E4F31D342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.57:*:*:*:*:*:*:*",
"matchCriteriaId": "A411E157-887D-4C9F-AF36-8DF460AC55A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.59:*:*:*:*:*:*:*",
"matchCriteriaId": "77F886A2-9949-4675-B064-534A7B1A17C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.60:*:*:*:*:*:*:*",
"matchCriteriaId": "049A03A3-2F31-46AA-B6B9-8827F6869182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "387079CC-E29E-42B4-BA96-0D9DEB02C247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "897362CE-78ED-4177-B0A8-0164C5B9D9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA56DCD2-95DB-4D0B-80F1-40F5FF77D7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA35F41F-D978-49CC-B17B-44CB652D9FBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E4A68B-0860-4FD6-AA7F-153E077ED4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1F27FE-41BD-4222-9CCC-99D196B358D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B953F1B9-C93B-43C4-A338-A75C58F5C749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AB532078-695C-4F2F-AD63-DD45857B3E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6188C115-D99D-4351-BB12-360DEA370484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7EB7F5-DE00-4D0E-AC40-CFC18A077038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "24AD0E1B-9BBD-4A48-BDBA-082A7F478806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBD2FD9-8746-4C5C-BD3E-4D93D7B0FD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "51618882-CE6A-4804-A1B2-A3AD52A1F1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "1D3010D1-A70C-4D77-8679-61CA9D8BD7B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
},
{
"lang": "es",
"value": "El submodulo mm_webform en el modulo Monster Menus v6.x-6.x anterior a v6.x-6.61 y v7.x-1.x anterior a v7.x-1.13 para Drupal no restringe adecuadamente el acceso a env\u00edos en formularios web, lo que permite a usuarios remotos autenticados con el permiso \"Who can read data submitted to this webform\" eliminar env\u00edos arbitrarios mediante vectores no especificados."
}
],
"id": "CVE-2013-4230",
"lastModified": "2025-08-27T15:51:13.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-21T14:55:07.150",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54391"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/61711"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2059805"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2059807"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2059823"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2059805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2059807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2059823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4229
Vulnerability from fkie_nvd - Published: 2013-08-21 14:55 - Updated: 2025-08-27 15:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| monster_menus_project | monster_menus | 7.x-1.0 | |
| monster_menus_project | monster_menus | 7.x-1.1 | |
| monster_menus_project | monster_menus | 7.x-1.2 | |
| monster_menus_project | monster_menus | 7.x-1.3 | |
| monster_menus_project | monster_menus | 7.x-1.4 | |
| monster_menus_project | monster_menus | 7.x-1.5 | |
| monster_menus_project | monster_menus | 7.x-1.6 | |
| monster_menus_project | monster_menus | 7.x-1.7 | |
| monster_menus_project | monster_menus | 7.x-1.8 | |
| monster_menus_project | monster_menus | 7.x-1.9 | |
| monster_menus_project | monster_menus | 7.x-1.10 | |
| monster_menus_project | monster_menus | 7.x-1.11 | |
| monster_menus_project | monster_menus | 7.x-1.x | |
| drupal | drupal | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "387079CC-E29E-42B4-BA96-0D9DEB02C247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "897362CE-78ED-4177-B0A8-0164C5B9D9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA56DCD2-95DB-4D0B-80F1-40F5FF77D7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA35F41F-D978-49CC-B17B-44CB652D9FBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E4A68B-0860-4FD6-AA7F-153E077ED4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1F27FE-41BD-4222-9CCC-99D196B358D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B953F1B9-C93B-43C4-A338-A75C58F5C749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AB532078-695C-4F2F-AD63-DD45857B3E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6188C115-D99D-4351-BB12-360DEA370484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7EB7F5-DE00-4D0E-AC40-CFC18A077038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "24AD0E1B-9BBD-4A48-BDBA-082A7F478806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBD2FD9-8746-4C5C-BD3E-4D93D7B0FD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "1D3010D1-A70C-4D77-8679-61CA9D8BD7B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en el modulo Monster Menus v7.x-1.x anterior a v7.x-1.12 para Drupal permite a los usuarios remotos autenticados con permisos para a\u00f1adir p\u00e1ginas, inyectar secuencias de comandos web o HTML a trav\u00e9s de un t\u00edtulo en la p\u00e1gina de configuraci\u00f3n."
}
],
"id": "CVE-2013-4229",
"lastModified": "2025-08-27T15:51:13.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-21T14:55:07.117",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54391"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/61710"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2059789"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2059823"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2059789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2059823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-8095 (GCVE-0-2015-8095)
Vulnerability from cvelistv5 – Published: 2015-11-09 16:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:30.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2608414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2608382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-11-09T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2608414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2608382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2608414",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2608414"
},
{
"name": "https://www.drupal.org/node/2608382",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2608382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8095",
"datePublished": "2015-11-09T16:00:00Z",
"dateReserved": "2015-11-09T00:00:00Z",
"dateUpdated": "2024-09-16T23:06:27.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4504 (GCVE-0-2013-4504)
Vulnerability from cvelistv5 – Published: 2014-05-13 15:00 – Updated: 2024-08-06 16:45
VLAI?
Summary
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2123287"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2124289"
},
{
"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-13T14:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2123287"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2124289"
},
{
"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/2123287",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2123287"
},
{
"name": "https://drupal.org/node/2124289",
"refsource": "MISC",
"url": "https://drupal.org/node/2124289"
},
{
"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4504",
"datePublished": "2014-05-13T15:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4229 (GCVE-0-2013-4229)
Vulnerability from cvelistv5 – Published: 2013-08-21 14:00 – Updated: 2024-08-06 16:38
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61710"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2059823"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2059789"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "drupal-monstermenus-title-xss(86327)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"name": "54391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "61710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61710"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2059823"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2059789"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "drupal-monstermenus-title-xss(86327)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"name": "54391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61710"
},
{
"name": "https://drupal.org/node/2059823",
"refsource": "MISC",
"url": "https://drupal.org/node/2059823"
},
{
"name": "https://drupal.org/node/2059789",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2059789"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "drupal-monstermenus-title-xss(86327)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
},
{
"name": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"name": "54391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4229",
"datePublished": "2013-08-21T14:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4230 (GCVE-0-2013-4230)
Vulnerability from cvelistv5 – Published: 2013-08-21 14:00 – Updated: 2024-08-06 16:38
VLAI?
Summary
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2059807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2059823"
},
{
"name": "61711",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61711"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "monstermenus-mmwebform-security-bypass(86326)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2059805"
},
{
"name": "54391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2059807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2059823"
},
{
"name": "61711",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61711"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "monstermenus-mmwebform-security-bypass(86326)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2059805"
},
{
"name": "54391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/2059807",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2059807"
},
{
"name": "https://drupal.org/node/2059823",
"refsource": "MISC",
"url": "https://drupal.org/node/2059823"
},
{
"name": "61711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61711"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "monstermenus-mmwebform-security-bypass(86326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
},
{
"name": "https://drupal.org/node/2059805",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2059805"
},
{
"name": "54391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4230",
"datePublished": "2013-08-21T14:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8095 (GCVE-0-2015-8095)
Vulnerability from nvd – Published: 2015-11-09 16:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:30.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2608414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2608382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-11-09T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2608414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2608382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2608414",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2608414"
},
{
"name": "https://www.drupal.org/node/2608382",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2608382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8095",
"datePublished": "2015-11-09T16:00:00Z",
"dateReserved": "2015-11-09T00:00:00Z",
"dateUpdated": "2024-09-16T23:06:27.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4504 (GCVE-0-2013-4504)
Vulnerability from nvd – Published: 2014-05-13 15:00 – Updated: 2024-08-06 16:45
VLAI?
Summary
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2123287"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2124289"
},
{
"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-13T14:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2123287"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2124289"
},
{
"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/2123287",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2123287"
},
{
"name": "https://drupal.org/node/2124289",
"refsource": "MISC",
"url": "https://drupal.org/node/2124289"
},
{
"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4504",
"datePublished": "2014-05-13T15:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4229 (GCVE-0-2013-4229)
Vulnerability from nvd – Published: 2013-08-21 14:00 – Updated: 2024-08-06 16:38
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61710"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2059823"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2059789"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "drupal-monstermenus-title-xss(86327)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"name": "54391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "61710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61710"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2059823"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2059789"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "drupal-monstermenus-title-xss(86327)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"name": "54391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61710"
},
{
"name": "https://drupal.org/node/2059823",
"refsource": "MISC",
"url": "https://drupal.org/node/2059823"
},
{
"name": "https://drupal.org/node/2059789",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2059789"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "drupal-monstermenus-title-xss(86327)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
},
{
"name": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"name": "54391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4229",
"datePublished": "2013-08-21T14:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4230 (GCVE-0-2013-4230)
Vulnerability from nvd – Published: 2013-08-21 14:00 – Updated: 2024-08-06 16:38
VLAI?
Summary
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2059807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2059823"
},
{
"name": "61711",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61711"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "monstermenus-mmwebform-security-bypass(86326)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2059805"
},
{
"name": "54391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2059807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2059823"
},
{
"name": "61711",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61711"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "monstermenus-mmwebform-security-bypass(86326)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2059805"
},
{
"name": "54391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/2059807",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2059807"
},
{
"name": "https://drupal.org/node/2059823",
"refsource": "MISC",
"url": "https://drupal.org/node/2059823"
},
{
"name": "61711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61711"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "monstermenus-mmwebform-security-bypass(86326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
},
{
"name": "https://drupal.org/node/2059805",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2059805"
},
{
"name": "54391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4230",
"datePublished": "2013-08-21T14:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}