All the vulnerabilites related to monster_menus_module_project - monster_menus
cve-2013-4229
Vulnerability from cvelistv5
Published
2013-08-21 14:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/61710 | vdb-entry, x_refsource_BID | |
| https://drupal.org/node/2059823 | x_refsource_MISC | |
| https://drupal.org/node/2059789 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2013/08/10/1 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86327 | vdb-entry, x_refsource_XF | |
| http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc | x_refsource_CONFIRM | |
| http://secunia.com/advisories/54391 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61710"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2059823"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2059789"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "drupal-monstermenus-title-xss(86327)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"name": "54391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "61710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61710"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2059823"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2059789"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "drupal-monstermenus-title-xss(86327)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"name": "54391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61710"
},
{
"name": "https://drupal.org/node/2059823",
"refsource": "MISC",
"url": "https://drupal.org/node/2059823"
},
{
"name": "https://drupal.org/node/2059789",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2059789"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "drupal-monstermenus-title-xss(86327)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
},
{
"name": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"name": "54391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4229",
"datePublished": "2013-08-21T14:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8095
Vulnerability from cvelistv5
Published
2015-11-09 16:00
Modified
2024-09-16 23:06
Severity ?
EPSS score ?
Summary
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.drupal.org/node/2608414 | x_refsource_MISC | |
| https://www.drupal.org/node/2608382 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:30.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2608414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2608382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-11-09T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2608414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2608382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2608414",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2608414"
},
{
"name": "https://www.drupal.org/node/2608382",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2608382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8095",
"datePublished": "2015-11-09T16:00:00Z",
"dateReserved": "2015-11-09T00:00:00Z",
"dateUpdated": "2024-09-16T23:06:27.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4230
Vulnerability from cvelistv5
Published
2013-08-21 14:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://drupal.org/node/2059807 | x_refsource_CONFIRM | |
| https://drupal.org/node/2059823 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/61711 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2013/08/10/1 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86326 | vdb-entry, x_refsource_XF | |
| https://drupal.org/node/2059805 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/54391 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2059807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2059823"
},
{
"name": "61711",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61711"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "monstermenus-mmwebform-security-bypass(86326)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2059805"
},
{
"name": "54391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2059807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2059823"
},
{
"name": "61711",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61711"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "monstermenus-mmwebform-security-bypass(86326)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2059805"
},
{
"name": "54391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/2059807",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2059807"
},
{
"name": "https://drupal.org/node/2059823",
"refsource": "MISC",
"url": "https://drupal.org/node/2059823"
},
{
"name": "61711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61711"
},
{
"name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "monstermenus-mmwebform-security-bypass(86326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
},
{
"name": "https://drupal.org/node/2059805",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2059805"
},
{
"name": "54391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4230",
"datePublished": "2013-08-21T14:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4504
Vulnerability from cvelistv5
Published
2014-05-13 15:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://drupal.org/node/2123287 | x_refsource_CONFIRM | |
| https://drupal.org/node/2124289 | x_refsource_MISC | |
| http://seclists.org/oss-sec/2013/q4/210 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2123287"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2124289"
},
{
"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-13T14:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2123287"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2124289"
},
{
"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/2123287",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2123287"
},
{
"name": "https://drupal.org/node/2124289",
"refsource": "MISC",
"url": "https://drupal.org/node/2124289"
},
{
"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4504",
"datePublished": "2014-05-13T15:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-08-21 14:55
Modified
2024-11-21 01:55
Severity ?
Summary
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E033DF-59CF-498C-A076-BA7DB686188E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C16607-683F-40FC-AA48-012E3E1E83DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DA037CFC-79F0-482F-A320-A0FA7EF007F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.24:*:*:*:*:*:*:*",
"matchCriteriaId": "51BE24CD-79B4-4AD0-963A-7A76E69BDAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9BE243-196E-4391-A390-60BF9CD8A13B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE3A7B-DA7C-4397-819C-1C7E4FB899E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABEDF32-312E-424B-97E6-6B8DB0813999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.29:*:*:*:*:*:*:*",
"matchCriteriaId": "7DAE4DF9-F3C0-4A9B-A4A9-CF77B8B47A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC407A9-65B4-4E51-892D-30F9F29E8D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.31:*:*:*:*:*:*:*",
"matchCriteriaId": "03A129F5-769D-4A66-B0E8-BE59623780FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCE21E-4166-4C6B-860F-4359E46368CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.33:*:*:*:*:*:*:*",
"matchCriteriaId": "F10A3425-FA1F-4BB0-925A-1D014A62F819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD4080C-CE70-40B4-B5D4-F3D34648B927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.35:*:*:*:*:*:*:*",
"matchCriteriaId": "0C837D15-9083-4D31-BF1A-B781056D2ECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.36:*:*:*:*:*:*:*",
"matchCriteriaId": "D74C691D-F020-4950-ACF0-3E0743F5630A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.37:*:*:*:*:*:*:*",
"matchCriteriaId": "F28942C2-B11A-418E-93E1-592283DC21D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.38:*:*:*:*:*:*:*",
"matchCriteriaId": "0745F7A6-2EBE-4BC8-8B13-9C1EC0189D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8845AC79-106D-4B74-89C3-64865A50E2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.42:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B7B814-D8D2-4B50-81C7-11B3A3210733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.43:*:*:*:*:*:*:*",
"matchCriteriaId": "59FC6D4B-2EFA-4BB8-BCAF-B7CD803E87F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.44:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECD3067-C747-4C2F-B16C-08578DABF5EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.48:*:*:*:*:*:*:*",
"matchCriteriaId": "14B90660-C7E5-432E-9CEF-3DF4AAC52883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "D871A6E4-77FD-4147-A753-E09553348D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.56:*:*:*:*:*:*:*",
"matchCriteriaId": "EB39A8F4-FAF2-40EB-A9AB-7261263688FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.57:*:*:*:*:*:*:*",
"matchCriteriaId": "72CA4165-A581-4D31-B880-1DB081629073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.59:*:*:*:*:*:*:*",
"matchCriteriaId": "756BB5DC-0F97-4BD1-A2F2-5487E0B1F437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.60:*:*:*:*:*:*:*",
"matchCriteriaId": "A581EA28-1325-4761-88FC-9E05B26AC2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98E0F326-8C25-448E-B775-51A00E94B70C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E988B3D0-0E9F-46A3-942F-5B806C19125E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "545F78EA-A4C8-4A02-9307-A7161341ABB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC17B5C-B516-4C51-9931-9C61DF551F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "87F04C8D-46F8-4011-B8CB-7A2739D73826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F79729F-DC69-4C20-97FC-82CAD7731C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "524A1E8F-F1CB-4028-B664-1E97EA56FDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "278CAAEB-C8CE-4BE7-BA48-C353200CCC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8A41C450-BADF-41A8-97D2-16C0B41E3CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2CA121-6280-4E12-B16E-6731487BAA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB655C8-862F-4F4A-95D0-3BE285492936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9FDD6C-B044-4411-8167-42B90122BDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "831B3C4D-0A3A-4F6F-BAF9-D132E4984C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "542F67D5-230B-425D-9F64-B272CA3F01E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
},
{
"lang": "es",
"value": "El submodulo mm_webform en el modulo Monster Menus v6.x-6.x anterior a v6.x-6.61 y v7.x-1.x anterior a v7.x-1.13 para Drupal no restringe adecuadamente el acceso a env\u00edos en formularios web, lo que permite a usuarios remotos autenticados con el permiso \"Who can read data submitted to this webform\" eliminar env\u00edos arbitrarios mediante vectores no especificados."
}
],
"id": "CVE-2013-4230",
"lastModified": "2024-11-21T01:55:10.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-21T14:55:07.150",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54391"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/61711"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2059805"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2059807"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2059823"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2059805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2059807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2059823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-09 16:59
Modified
2024-11-21 02:38
Severity ?
Summary
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.drupal.org/node/2608382 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.drupal.org/node/2608414 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.drupal.org/node/2608382 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.drupal.org/node/2608414 | Patch |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98E0F326-8C25-448E-B775-51A00E94B70C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E988B3D0-0E9F-46A3-942F-5B806C19125E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "545F78EA-A4C8-4A02-9307-A7161341ABB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC17B5C-B516-4C51-9931-9C61DF551F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "87F04C8D-46F8-4011-B8CB-7A2739D73826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F79729F-DC69-4C20-97FC-82CAD7731C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "524A1E8F-F1CB-4028-B664-1E97EA56FDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "278CAAEB-C8CE-4BE7-BA48-C353200CCC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8A41C450-BADF-41A8-97D2-16C0B41E3CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2CA121-6280-4E12-B16E-6731487BAA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB655C8-862F-4F4A-95D0-3BE285492936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9FDD6C-B044-4411-8167-42B90122BDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "831B3C4D-0A3A-4F6F-BAF9-D132E4984C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6866ED88-6BB7-45FA-B730-03A1AE8BABBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB5823E-CC26-4302-A201-BC1C711658B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EF947A-4B67-45E7-AA83-F92023B69578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "37BF0DAD-F3A5-497F-BF26-0FDE3FFC8BCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8428F316-C7B6-4DEB-B882-324A4EE4CD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDF8E00-8C4F-4B2F-A430-BF7A0BCE0047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4568D59B-B63A-4F15-A56C-279EC8363FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "72AAAE92-9C07-4354-A8ED-E90EEFD5116D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EE90C9-CD90-40F1-B07A-C46EBBD487C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "DF52A08E-A1D6-45A8-92F2-91A26C679342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "74880040-BA9A-4E59-92F4-4B28D373C6BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "542F67D5-230B-425D-9F64-B272CA3F01E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
},
{
"lang": "es",
"value": "La funcionalidad recycle bin en el m\u00f3dulo Monster Menus 7.x-1.21 en versiones anteriores a 7.x-1.24 para Drupal no elimina correctamente los nodos de la vista, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un patr\u00f3n URL no especificado."
}
],
"id": "CVE-2015-8095",
"lastModified": "2024-11-21T02:38:00.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-09T16:59:12.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.drupal.org/node/2608382"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2608414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.drupal.org/node/2608382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2608414"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-13 15:55
Modified
2024-11-21 01:55
Severity ?
Summary
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| monster_menus_module_project | monster_menus | 7.x-1.0 | |
| monster_menus_module_project | monster_menus | 7.x-1.1 | |
| monster_menus_module_project | monster_menus | 7.x-1.2 | |
| monster_menus_module_project | monster_menus | 7.x-1.3 | |
| monster_menus_module_project | monster_menus | 7.x-1.4 | |
| monster_menus_module_project | monster_menus | 7.x-1.5 | |
| monster_menus_module_project | monster_menus | 7.x-1.6 | |
| monster_menus_module_project | monster_menus | 7.x-1.7 | |
| monster_menus_module_project | monster_menus | 7.x-1.8 | |
| monster_menus_module_project | monster_menus | 7.x-1.9 | |
| monster_menus_module_project | monster_menus | 7.x-1.10 | |
| monster_menus_module_project | monster_menus | 7.x-1.11 | |
| monster_menus_module_project | monster_menus | 7.x-1.12 | |
| monster_menus_module_project | monster_menus | 7.x-1.13 | |
| monster_menus_module_project | monster_menus | 7.x-1.14 | |
| monster_menus_module_project | monster_menus | 7.x-1.x | |
| drupal | drupal | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98E0F326-8C25-448E-B775-51A00E94B70C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E988B3D0-0E9F-46A3-942F-5B806C19125E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "545F78EA-A4C8-4A02-9307-A7161341ABB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC17B5C-B516-4C51-9931-9C61DF551F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "87F04C8D-46F8-4011-B8CB-7A2739D73826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F79729F-DC69-4C20-97FC-82CAD7731C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "524A1E8F-F1CB-4028-B664-1E97EA56FDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "278CAAEB-C8CE-4BE7-BA48-C353200CCC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8A41C450-BADF-41A8-97D2-16C0B41E3CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2CA121-6280-4E12-B16E-6731487BAA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB655C8-862F-4F4A-95D0-3BE285492936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9FDD6C-B044-4411-8167-42B90122BDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "831B3C4D-0A3A-4F6F-BAF9-D132E4984C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6866ED88-6BB7-45FA-B730-03A1AE8BABBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB5823E-CC26-4302-A201-BC1C711658B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "542F67D5-230B-425D-9F64-B272CA3F01E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
},
{
"lang": "es",
"value": "El m\u00f3dulo Monster Menus 7.x-1.x anterior a 7.x-1.15 permite a atacantes remotos leer comentarios de nodo arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2013-4504",
"lastModified": "2024-11-21T01:55:41.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-13T15:55:04.280",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2013/q4/210"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2123287"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://drupal.org/node/2124289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2123287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://drupal.org/node/2124289"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-21 14:55
Modified
2024-11-21 01:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| monster_menus_module_project | monster_menus | 7.x-1.0 | |
| monster_menus_module_project | monster_menus | 7.x-1.1 | |
| monster_menus_module_project | monster_menus | 7.x-1.2 | |
| monster_menus_module_project | monster_menus | 7.x-1.3 | |
| monster_menus_module_project | monster_menus | 7.x-1.4 | |
| monster_menus_module_project | monster_menus | 7.x-1.5 | |
| monster_menus_module_project | monster_menus | 7.x-1.6 | |
| monster_menus_module_project | monster_menus | 7.x-1.7 | |
| monster_menus_module_project | monster_menus | 7.x-1.8 | |
| monster_menus_module_project | monster_menus | 7.x-1.9 | |
| monster_menus_module_project | monster_menus | 7.x-1.10 | |
| monster_menus_module_project | monster_menus | 7.x-1.11 | |
| monster_menus_module_project | monster_menus | 7.x-1.x | |
| drupal | drupal | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98E0F326-8C25-448E-B775-51A00E94B70C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E988B3D0-0E9F-46A3-942F-5B806C19125E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "545F78EA-A4C8-4A02-9307-A7161341ABB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC17B5C-B516-4C51-9931-9C61DF551F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "87F04C8D-46F8-4011-B8CB-7A2739D73826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F79729F-DC69-4C20-97FC-82CAD7731C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "524A1E8F-F1CB-4028-B664-1E97EA56FDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "278CAAEB-C8CE-4BE7-BA48-C353200CCC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8A41C450-BADF-41A8-97D2-16C0B41E3CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2CA121-6280-4E12-B16E-6731487BAA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB655C8-862F-4F4A-95D0-3BE285492936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9FDD6C-B044-4411-8167-42B90122BDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "542F67D5-230B-425D-9F64-B272CA3F01E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en el modulo Monster Menus v7.x-1.x anterior a v7.x-1.12 para Drupal permite a los usuarios remotos autenticados con permisos para a\u00f1adir p\u00e1ginas, inyectar secuencias de comandos web o HTML a trav\u00e9s de un t\u00edtulo en la p\u00e1gina de configuraci\u00f3n."
}
],
"id": "CVE-2013-4229",
"lastModified": "2024-11-21T01:55:10.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-21T14:55:07.117",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54391"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/61710"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2059789"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2059823"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2059789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2059823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}