Search criteria

18 vulnerabilities found for monster_menus by monster_menus_project

FKIE_CVE-2024-13288

Vulnerability from fkie_nvd - Published: 2025-01-09 21:15 - Updated: 2025-09-02 18:26
Summary
Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection. This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.
References
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:*:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "E5669A94-5908-41FB-8857-82790EE25CDA",
              "versionEndExcluding": "9.3.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:*:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "4686015B-C180-41D3-A892-E538B73A7188",
              "versionEndExcluding": "9.4.2",
              "versionStartIncluding": "9.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en Drupal Monster Menus permite la inyecci\u00f3n de objetos. Este problema afecta a Monster Menus: desde 0.0.0 antes de 9.3.4, desde 9.4.0 antes de 9.4.2."
    }
  ],
  "id": "CVE-2024-13288",
  "lastModified": "2025-09-02T18:26:45.937",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-09T21:15:26.220",
  "references": [
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.drupal.org/sa-contrib-2024-052"
    }
  ],
  "sourceIdentifier": "mlhess@drupal.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "mlhess@drupal.org",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-13281

Vulnerability from fkie_nvd - Published: 2025-01-09 20:15 - Updated: 2025-09-02 18:28
Summary
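Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing. This issue affects Monster Menus: from 0.0.0 before 9.3.2. Note: the CPE configuration in the record below matches versions before 7.x-1.34 and from 9.3.0 before 9.3.2, so compare installed versions against both the description and the CPE ranges.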
References
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:*:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "EAA6E5E5-ACDA-469E-B255-297C363EF82F",
              "versionEndExcluding": "7.x-1.34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:*:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "8FF868CA-6C01-4305-8681-8068F072E834",
              "versionEndExcluding": "9.3.2",
              "versionStartIncluding": "9.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de autorizaci\u00f3n incorrecta en Drupal Monster Menus permite una navegaci\u00f3n forzada. Este problema afecta a Monster Menus: desde 0.0.0 antes de 9.3.2."
    }
  ],
  "id": "CVE-2024-13281",
  "lastModified": "2025-09-02T18:28:05.753",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-09T20:15:37.017",
  "references": [
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.drupal.org/sa-contrib-2024-045"
    }
  ],
  "sourceIdentifier": "mlhess@drupal.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "mlhess@drupal.org",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2015-8095

Vulnerability from fkie_nvd - Published: 2015-11-09 16:59 - Updated: 2025-08-27 15:51
Summary
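The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern. Note: the CPE configuration in the record below lists 7.x-1.0 through 7.x-1.23 and the 7.x-1.x dev release as vulnerable, a wider range than this description states.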

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "387079CC-E29E-42B4-BA96-0D9DEB02C247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "897362CE-78ED-4177-B0A8-0164C5B9D9F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA56DCD2-95DB-4D0B-80F1-40F5FF77D7F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA35F41F-D978-49CC-B17B-44CB652D9FBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7E4A68B-0860-4FD6-AA7F-153E077ED4F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1F27FE-41BD-4222-9CCC-99D196B358D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B953F1B9-C93B-43C4-A338-A75C58F5C749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB532078-695C-4F2F-AD63-DD45857B3E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6188C115-D99D-4351-BB12-360DEA370484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7EB7F5-DE00-4D0E-AC40-CFC18A077038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AD0E1B-9BBD-4A48-BDBA-082A7F478806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEBD2FD9-8746-4C5C-BD3E-4D93D7B0FD93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "51618882-CE6A-4804-A1B2-A3AD52A1F1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9894E1D1-AA71-405D-B4B5-4A6B696C4E56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF17133C-D794-427D-9AC7-A056BEAEF0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "634CC479-34BD-4BB2-A699-F7DD397EA329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7026C4A-B35F-43FA-B444-4C884B1A0F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC19D80-685A-4AD0-92B2-C812E0CE817D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A63D7CE8-CDAD-4805-8FCC-5361922B2874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD7D0663-1FF3-4329-8599-3DC5BBB0CBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABABD66-B867-4C9C-B575-F33F1E17AA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17AF67D-1D14-45FA-8CE7-3735130199BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64EDB3F-6297-4777-989D-F9EF9D73D206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1D2DDE6-6AB8-4BB2-8B3E-767BA2162C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "1D3010D1-A70C-4D77-8679-61CA9D8BD7B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
    },
    {
      "lang": "es",
      "value": "La funcionalidad recycle bin en el m\u00f3dulo Monster Menus 7.x-1.21 en versiones anteriores a 7.x-1.24 para Drupal no elimina correctamente los nodos de la vista, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un patr\u00f3n URL no especificado."
    }
  ],
  "id": "CVE-2015-8095",
  "lastModified": "2025-08-27T15:51:13.203",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-09T16:59:12.200",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2608382"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2608414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2608382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2608414"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-4504

Vulnerability from fkie_nvd - Published: 2014-05-13 15:55 - Updated: 2025-08-27 15:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "387079CC-E29E-42B4-BA96-0D9DEB02C247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "897362CE-78ED-4177-B0A8-0164C5B9D9F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA56DCD2-95DB-4D0B-80F1-40F5FF77D7F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA35F41F-D978-49CC-B17B-44CB652D9FBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7E4A68B-0860-4FD6-AA7F-153E077ED4F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1F27FE-41BD-4222-9CCC-99D196B358D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B953F1B9-C93B-43C4-A338-A75C58F5C749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB532078-695C-4F2F-AD63-DD45857B3E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6188C115-D99D-4351-BB12-360DEA370484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7EB7F5-DE00-4D0E-AC40-CFC18A077038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AD0E1B-9BBD-4A48-BDBA-082A7F478806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEBD2FD9-8746-4C5C-BD3E-4D93D7B0FD93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "51618882-CE6A-4804-A1B2-A3AD52A1F1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9894E1D1-AA71-405D-B4B5-4A6B696C4E56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF17133C-D794-427D-9AC7-A056BEAEF0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "1D3010D1-A70C-4D77-8679-61CA9D8BD7B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo Monster Menus 7.x-1.x anterior a 7.x-1.15 permite a atacantes remotos leer comentarios de nodo arbitrarios a trav\u00e9s de una URL manipulada."
    }
  ],
  "id": "CVE-2013-4504",
  "lastModified": "2025-08-27T15:51:13.203",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-13T15:55:04.280",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/oss-sec/2013/q4/210"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2123287"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2124289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2013/q4/210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2123287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2124289"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-4230

Vulnerability from fkie_nvd - Published: 2013-08-21 14:55 - Updated: 2025-08-27 15:51
Summary
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
Impacted products
Vendor Product Version
monster_menus_project monster_menus 6.x-6.19
monster_menus_project monster_menus 6.x-6.22
monster_menus_project monster_menus 6.x-6.23
monster_menus_project monster_menus 6.x-6.24
monster_menus_project monster_menus 6.x-6.25
monster_menus_project monster_menus 6.x-6.26
monster_menus_project monster_menus 6.x-6.27
monster_menus_project monster_menus 6.x-6.29
monster_menus_project monster_menus 6.x-6.30
monster_menus_project monster_menus 6.x-6.31
monster_menus_project monster_menus 6.x-6.32
monster_menus_project monster_menus 6.x-6.33
monster_menus_project monster_menus 6.x-6.34
monster_menus_project monster_menus 6.x-6.35
monster_menus_project monster_menus 6.x-6.36
monster_menus_project monster_menus 6.x-6.37
monster_menus_project monster_menus 6.x-6.38
monster_menus_project monster_menus 6.x-6.41
monster_menus_project monster_menus 6.x-6.42
monster_menus_project monster_menus 6.x-6.43
monster_menus_project monster_menus 6.x-6.44
monster_menus_project monster_menus 6.x-6.48
monster_menus_project monster_menus 6.x-6.53
monster_menus_project monster_menus 6.x-6.56
monster_menus_project monster_menus 6.x-6.57
monster_menus_project monster_menus 6.x-6.59
monster_menus_project monster_menus 6.x-6.60
monster_menus_project monster_menus 7.x-1.0
monster_menus_project monster_menus 7.x-1.1
monster_menus_project monster_menus 7.x-1.2
monster_menus_project monster_menus 7.x-1.3
monster_menus_project monster_menus 7.x-1.4
monster_menus_project monster_menus 7.x-1.5
monster_menus_project monster_menus 7.x-1.6
monster_menus_project monster_menus 7.x-1.7
monster_menus_project monster_menus 7.x-1.8
monster_menus_project monster_menus 7.x-1.9
monster_menus_project monster_menus 7.x-1.10
monster_menus_project monster_menus 7.x-1.11
monster_menus_project monster_menus 7.x-1.12
monster_menus_project monster_menus 7.x-1.x
drupal drupal -

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F426D106-1E21-4B71-A2D2-5AB534FEEB75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "B28206EB-06A3-45CE-8B38-03EDE9279D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBF1A73-BD2E-418A-8CD0-32B74482A221",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C798EE3-7EA7-4457-A539-C891AAF37E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B8ECF1-EA3E-43C7-A6C3-818351E1579F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0512B8-57EA-400C-B618-327D6066837B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B29FC23-67BB-481E-850B-83789B407739",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F12720B-1ECF-47E0-A33A-ED218DDBEFDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA9C5D7C-72A3-43BF-A49F-543DE1E95655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBB5BA55-18FF-4F85-82FF-341B2AB63329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C0423D2-84E9-43E9-A852-CBED9C374FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD47CB10-720A-4DD1-91C6-FF91E1AE89D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "551794E1-335D-4047-9608-E4C49D8E1B66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "0497A854-D018-4F6F-B49F-1FDC71775F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B30C1CD-935C-4078-92E1-8B69567658B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE792197-F358-43E2-AEEF-347665146DCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7E4CB2-EA83-4485-8490-4EF234BBEB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "8426E0A7-90D5-4F48-B332-E958BB099664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "063EB9F8-7FCF-4B90-A8FA-807DB9DA6FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "56DF7730-8F6E-4033-A507-BC58F819053B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F65135-F653-4123-A565-74DCFE4066AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BBA6B8B-BE22-41B8-9AE2-2EDB7DBFF6D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8222F8A-E34B-43A0-BFB4-3FEC562FE863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D7B6ABF-E64F-4FFA-9002-315E4F31D342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "A411E157-887D-4C9F-AF36-8DF460AC55A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F886A2-9949-4675-B064-534A7B1A17C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:6.x-6.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "049A03A3-2F31-46AA-B6B9-8827F6869182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "387079CC-E29E-42B4-BA96-0D9DEB02C247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "897362CE-78ED-4177-B0A8-0164C5B9D9F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA56DCD2-95DB-4D0B-80F1-40F5FF77D7F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA35F41F-D978-49CC-B17B-44CB652D9FBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7E4A68B-0860-4FD6-AA7F-153E077ED4F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1F27FE-41BD-4222-9CCC-99D196B358D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B953F1B9-C93B-43C4-A338-A75C58F5C749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB532078-695C-4F2F-AD63-DD45857B3E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6188C115-D99D-4351-BB12-360DEA370484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7EB7F5-DE00-4D0E-AC40-CFC18A077038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AD0E1B-9BBD-4A48-BDBA-082A7F478806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEBD2FD9-8746-4C5C-BD3E-4D93D7B0FD93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "51618882-CE6A-4804-A1B2-A3AD52A1F1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "1D3010D1-A70C-4D77-8679-61CA9D8BD7B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El submodulo mm_webform en el modulo Monster Menus v6.x-6.x anterior a v6.x-6.61 y v7.x-1.x anterior a v7.x-1.13 para Drupal no restringe adecuadamente el acceso a env\u00edos en formularios web, lo que permite a usuarios remotos autenticados con el permiso \"Who can read data submitted to this webform\" eliminar env\u00edos arbitrarios mediante vectores no especificados."
    }
  ],
  "id": "CVE-2013-4230",
  "lastModified": "2025-08-27T15:51:13.203",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-21T14:55:07.150",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54391"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/61711"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2059805"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2059807"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2059823"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2059805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2059807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2059823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-4229

Vulnerability from fkie_nvd - Published: 2013-08-21 14:55 - Updated: 2025-08-27 15:51
Summary
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "387079CC-E29E-42B4-BA96-0D9DEB02C247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "897362CE-78ED-4177-B0A8-0164C5B9D9F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA56DCD2-95DB-4D0B-80F1-40F5FF77D7F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA35F41F-D978-49CC-B17B-44CB652D9FBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7E4A68B-0860-4FD6-AA7F-153E077ED4F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1F27FE-41BD-4222-9CCC-99D196B358D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B953F1B9-C93B-43C4-A338-A75C58F5C749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB532078-695C-4F2F-AD63-DD45857B3E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6188C115-D99D-4351-BB12-360DEA370484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7EB7F5-DE00-4D0E-AC40-CFC18A077038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AD0E1B-9BBD-4A48-BDBA-082A7F478806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEBD2FD9-8746-4C5C-BD3E-4D93D7B0FD93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "1D3010D1-A70C-4D77-8679-61CA9D8BD7B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-site scripting (XSS) en el modulo Monster Menus v7.x-1.x anterior a v7.x-1.12 para Drupal permite a los usuarios remotos autenticados con permisos para a\u00f1adir p\u00e1ginas, inyectar secuencias de comandos web o HTML a trav\u00e9s de un t\u00edtulo en la p\u00e1gina de configuraci\u00f3n."
    }
  ],
  "id": "CVE-2013-4229",
  "lastModified": "2025-08-27T15:51:13.203",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-08-21T14:55:07.117",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54391"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/61710"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2059789"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2059823"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2059789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2059823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-13288 (GCVE-0-2024-13288)

Vulnerability from cvelistv5 – Published: 2025-01-09 20:14 – Updated: 2025-01-10 14:51
Summary
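Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection. This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.
Note: the CISA-ADP CVSS 3.1 score in the record below is 4.3 (MEDIUM), while the CNA title rates the same issue "Critical - Arbitrary PHP code execution" (SA-CONTRIB-2024-052); triage should not rely on the ADP score alone.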
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
Drupal Monster Menus Affected: 0.0.0 , < 9.3.4 (semver)
Affected: 9.4.0 , < 9.4.2 (semver)
Credits
Drew Webber (finder, remediation developer, coordinator), Dan Wilga (remediation developer), Greg Knaddison (coordinator), Juraj Nemec (coordinator)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-13288",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T14:49:48.123940Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T14:51:10.361Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/monster_menus",
          "defaultStatus": "unaffected",
          "product": "Monster Menus",
          "repo": "https://git.drupalcode.org/project/monster_menus",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "9.3.4",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.4.2",
              "status": "affected",
              "version": "9.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Drew Webber"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Drew Webber"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Dan Wilga"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Greg Knaddison"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Juraj Nemec"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Drew Webber"
        }
      ],
      "datePublic": "2024-10-23T15:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.\u003cp\u003eThis issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.\u003c/p\u003e"
            }
          ],
          "value": "Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-586",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-586 Object Injection"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T20:14:17.954Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-contrib-2024-052"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2024-13288",
    "datePublished": "2025-01-09T20:14:17.954Z",
    "dateReserved": "2025-01-09T18:28:24.381Z",
    "dateUpdated": "2025-01-10T14:51:10.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-13281 (GCVE-0-2024-13281)

Vulnerability from cvelistv5 – Published: 2025-01-09 19:35 – Updated: 2025-01-10 16:26
Summary
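Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing. This issue affects Monster Menus: from 0.0.0 before 9.3.2.
Note: the CISA-ADP CVSS 3.1 score in the record below is 9.1 (CRITICAL), while the CNA title rates the issue "Moderately critical" (SA-CONTRIB-2024-045); the Drupal advisory rating and CVSS are different scales and should be read together.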
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
Drupal Monster Menus Affected: 0.0.0 , < 9.3.2 (semver)
Credits
Dan Wilga (finder, remediation developer), Ian McBride (remediation developer), Greg Knaddison (coordinator), Juraj Nemec (coordinator), Damien McKenna (coordinator)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-13281",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T16:25:35.535357Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T16:26:12.275Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/monster_menus",
          "defaultStatus": "unaffected",
          "product": "Monster Menus",
          "repo": "https://git.drupalcode.org/project/monster_menus",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "9.3.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dan Wilga"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Dan Wilga"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Ian McBride"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Greg Knaddison"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Juraj Nemec"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Damien McKenna"
        }
      ],
      "datePublic": "2024-10-09T15:48:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.\u003cp\u003eThis issue affects Monster Menus: from 0.0.0 before 9.3.2.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-87",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-87 Forceful Browsing"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T19:35:17.772Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-contrib-2024-045"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Monster Menus - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-045",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2024-13281",
    "datePublished": "2025-01-09T19:35:17.772Z",
    "dateReserved": "2025-01-09T18:28:16.958Z",
    "dateUpdated": "2025-01-10T16:26:12.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8095 (GCVE-0-2015-8095)

Vulnerability from cvelistv5 – Published: 2015-11-09 16:00 – Updated: 2024-09-16 23:06
Summary
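The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
Note: the CNA record below lists vendor, product and version as "n/a", so the affected range appears only in this description; inventory matching that relies on the structured "affected" field will not flag this module.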
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:13:30.958Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2608414"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2608382"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-11-09T16:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.drupal.org/node/2608414"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/node/2608382"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8095",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.drupal.org/node/2608414",
              "refsource": "MISC",
              "url": "https://www.drupal.org/node/2608414"
            },
            {
              "name": "https://www.drupal.org/node/2608382",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/node/2608382"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8095",
    "datePublished": "2015-11-09T16:00:00Z",
    "dateReserved": "2015-11-09T00:00:00Z",
    "dateUpdated": "2024-09-16T23:06:27.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4504 (GCVE-0-2013-4504)

Vulnerability from cvelistv5 – Published: 2014-05-13 15:00 – Updated: 2024-08-06 16:45
Summary
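The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
Note: the CNA record below lists vendor, product and version as "n/a", so the affected range appears only in this description; inventory matching that relies on the structured "affected" field will not flag this module.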
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://drupal.org/node/2123287 x_refsource_CONFIRM
https://drupal.org/node/2124289 x_refsource_MISC
http://seclists.org/oss-sec/2013/q4/210 mailing-list x_refsource_MLIST

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2123287"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2124289"
          },
          {
            "name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q4/210"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-13T14:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2123287"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drupal.org/node/2124289"
        },
        {
          "name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q4/210"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4504",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://drupal.org/node/2123287",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2123287"
            },
            {
              "name": "https://drupal.org/node/2124289",
              "refsource": "MISC",
              "url": "https://drupal.org/node/2124289"
            },
            {
              "name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2013/q4/210"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4504",
    "datePublished": "2014-05-13T15:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4229 (GCVE-0-2013-4229)

Vulnerability from cvelistv5 – Published: 2013-08-21 14:00 – Updated: 2024-08-06 16:38
Summary
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "61710",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61710"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2059823"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2059789"
          },
          {
            "name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
          },
          {
            "name": "drupal-monstermenus-title-xss(86327)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
          },
          {
            "name": "54391",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54391"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "61710",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61710"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drupal.org/node/2059823"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2059789"
        },
        {
          "name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
        },
        {
          "name": "drupal-monstermenus-title-xss(86327)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
        },
        {
          "name": "54391",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54391"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4229",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "61710",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61710"
            },
            {
              "name": "https://drupal.org/node/2059823",
              "refsource": "MISC",
              "url": "https://drupal.org/node/2059823"
            },
            {
              "name": "https://drupal.org/node/2059789",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2059789"
            },
            {
              "name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
            },
            {
              "name": "drupal-monstermenus-title-xss(86327)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
            },
            {
              "name": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
            },
            {
              "name": "54391",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54391"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4229",
    "datePublished": "2013-08-21T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4230 (GCVE-0-2013-4230)

Vulnerability from cvelistv5 – Published: 2013-08-21 14:00 – Updated: 2024-08-06 16:38
Summary
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://drupal.org/node/2059807 x_refsource_CONFIRM
https://drupal.org/node/2059823 x_refsource_MISC
http://www.securityfocus.com/bid/61711 vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2013/08/10/1 mailing-list, x_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/86326 vdb-entry, x_refsource_XF
https://drupal.org/node/2059805 x_refsource_CONFIRM
http://secunia.com/advisories/54391 third-party-advisory, x_refsource_SECUNIA

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2059807"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2059823"
          },
          {
            "name": "61711",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61711"
          },
          {
            "name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
          },
          {
            "name": "monstermenus-mmwebform-security-bypass(86326)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2059805"
          },
          {
            "name": "54391",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54391"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2059807"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drupal.org/node/2059823"
        },
        {
          "name": "61711",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61711"
        },
        {
          "name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
        },
        {
          "name": "monstermenus-mmwebform-security-bypass(86326)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2059805"
        },
        {
          "name": "54391",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54391"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4230",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://drupal.org/node/2059807",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2059807"
            },
            {
              "name": "https://drupal.org/node/2059823",
              "refsource": "MISC",
              "url": "https://drupal.org/node/2059823"
            },
            {
              "name": "61711",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61711"
            },
            {
              "name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
            },
            {
              "name": "monstermenus-mmwebform-security-bypass(86326)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
            },
            {
              "name": "https://drupal.org/node/2059805",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2059805"
            },
            {
              "name": "54391",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54391"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4230",
    "datePublished": "2013-08-21T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-13288 (GCVE-0-2024-13288)

Vulnerability from nvd – Published: 2025-01-09 20:14 – Updated: 2025-01-10 14:51
Summary
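Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection. This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.
Note: the record below carries two differing severity signals. The CNA (Drupal) title rates the issue "Critical - Arbitrary PHP code execution" (SA-CONTRIB-2024-052), while the CISA ADP CVSS 3.1 score is 4.3 MEDIUM with integrity impact LOW. Patch prioritisation should take the vendor advisory into account rather than the CVSS base score alone.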
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
Drupal Monster Menus Affected: 0.0.0 , < 9.3.4 (semver)
Affected: 9.4.0 , < 9.4.2 (semver)
Credits
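Drew Webber (finder), Drew Webber (remediation developer), Dan Wilga (remediation developer), Greg Knaddison (coordinator), Juraj Nemec (coordinator), Drew Webber (coordinator)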

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-13288",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T14:49:48.123940Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T14:51:10.361Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/monster_menus",
          "defaultStatus": "unaffected",
          "product": "Monster Menus",
          "repo": "https://git.drupalcode.org/project/monster_menus",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "9.3.4",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.4.2",
              "status": "affected",
              "version": "9.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Drew Webber"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Drew Webber"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Dan Wilga"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Greg Knaddison"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Juraj Nemec"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Drew Webber"
        }
      ],
      "datePublic": "2024-10-23T15:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.\u003cp\u003eThis issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.\u003c/p\u003e"
            }
          ],
          "value": "Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-586",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-586 Object Injection"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T20:14:17.954Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-contrib-2024-052"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2024-13288",
    "datePublished": "2025-01-09T20:14:17.954Z",
    "dateReserved": "2025-01-09T18:28:24.381Z",
    "dateUpdated": "2025-01-10T14:51:10.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-13281 (GCVE-0-2024-13281)

Vulnerability from nvd – Published: 2025-01-09 19:35 – Updated: 2025-01-10 16:26
Summary
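Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing. This issue affects Monster Menus: from 0.0.0 before 9.3.2.
Note: the record below carries two differing severity signals. The CNA (Drupal) title rates the issue "Moderately critical - Access bypass, Information Disclosure" (SA-CONTRIB-2024-045), while the CISA ADP CVSS 3.1 score is 9.1 CRITICAL (no privileges or user interaction required) and its SSVC entry marks the issue as automatable with total technical impact. Patch prioritisation should weigh both sources.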
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
Drupal Monster Menus Affected: 0.0.0 , < 9.3.2 (semver)
Credits
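Dan Wilga (finder), Dan Wilga (remediation developer), Ian McBride (remediation developer), Greg Knaddison (coordinator), Juraj Nemec (coordinator), Damien McKenna (coordinator)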

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-13281",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T16:25:35.535357Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T16:26:12.275Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/monster_menus",
          "defaultStatus": "unaffected",
          "product": "Monster Menus",
          "repo": "https://git.drupalcode.org/project/monster_menus",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "9.3.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dan Wilga"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Dan Wilga"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Ian McBride"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Greg Knaddison"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Juraj Nemec"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Damien McKenna"
        }
      ],
      "datePublic": "2024-10-09T15:48:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.\u003cp\u003eThis issue affects Monster Menus: from 0.0.0 before 9.3.2.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-87",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-87 Forceful Browsing"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T19:35:17.772Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-contrib-2024-045"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Monster Menus - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-045",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2024-13281",
    "datePublished": "2025-01-09T19:35:17.772Z",
    "dateReserved": "2025-01-09T18:28:16.958Z",
    "dateUpdated": "2025-01-10T16:26:12.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8095 (GCVE-0-2015-8095)

Vulnerability from nvd – Published: 2015-11-09 16:00 – Updated: 2024-09-16 23:06
Summary
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:13:30.958Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2608414"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2608382"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-11-09T16:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.drupal.org/node/2608414"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/node/2608382"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8095",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.drupal.org/node/2608414",
              "refsource": "MISC",
              "url": "https://www.drupal.org/node/2608414"
            },
            {
              "name": "https://www.drupal.org/node/2608382",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/node/2608382"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8095",
    "datePublished": "2015-11-09T16:00:00Z",
    "dateReserved": "2015-11-09T00:00:00Z",
    "dateUpdated": "2024-09-16T23:06:27.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4504 (GCVE-0-2013-4504)

Vulnerability from nvd – Published: 2014-05-13 15:00 – Updated: 2024-08-06 16:45
Summary
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://drupal.org/node/2123287 x_refsource_CONFIRM
https://drupal.org/node/2124289 x_refsource_MISC
http://seclists.org/oss-sec/2013/q4/210 mailing-list x_refsource_MLIST

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2123287"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2124289"
          },
          {
            "name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q4/210"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-13T14:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2123287"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drupal.org/node/2124289"
        },
        {
          "name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q4/210"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4504",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://drupal.org/node/2123287",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2123287"
            },
            {
              "name": "https://drupal.org/node/2124289",
              "refsource": "MISC",
              "url": "https://drupal.org/node/2124289"
            },
            {
              "name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2013/q4/210"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4504",
    "datePublished": "2014-05-13T15:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4229 (GCVE-0-2013-4229)

Vulnerability from nvd – Published: 2013-08-21 14:00 – Updated: 2024-08-06 16:38
Summary
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "61710",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61710"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2059823"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2059789"
          },
          {
            "name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
          },
          {
            "name": "drupal-monstermenus-title-xss(86327)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
          },
          {
            "name": "54391",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54391"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "61710",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61710"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drupal.org/node/2059823"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2059789"
        },
        {
          "name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
        },
        {
          "name": "drupal-monstermenus-title-xss(86327)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
        },
        {
          "name": "54391",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54391"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4229",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "61710",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61710"
            },
            {
              "name": "https://drupal.org/node/2059823",
              "refsource": "MISC",
              "url": "https://drupal.org/node/2059823"
            },
            {
              "name": "https://drupal.org/node/2059789",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2059789"
            },
            {
              "name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
            },
            {
              "name": "drupal-monstermenus-title-xss(86327)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86327"
            },
            {
              "name": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc"
            },
            {
              "name": "54391",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54391"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4229",
    "datePublished": "2013-08-21T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4230 (GCVE-0-2013-4230)

Vulnerability from nvd – Published: 2013-08-21 14:00 – Updated: 2024-08-06 16:38
Summary
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://drupal.org/node/2059807 x_refsource_CONFIRM
https://drupal.org/node/2059823 x_refsource_MISC
http://www.securityfocus.com/bid/61711 vdb-entry x_refsource_BID
http://www.openwall.com/lists/oss-security/2013/08/10/1 mailing-list x_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/86326 vdb-entry x_refsource_XF
https://drupal.org/node/2059805 x_refsource_CONFIRM
http://secunia.com/advisories/54391 third-party-advisory x_refsource_SECUNIA

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2059807"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2059823"
          },
          {
            "name": "61711",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61711"
          },
          {
            "name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
          },
          {
            "name": "monstermenus-mmwebform-security-bypass(86326)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2059805"
          },
          {
            "name": "54391",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54391"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2059807"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drupal.org/node/2059823"
        },
        {
          "name": "61711",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61711"
        },
        {
          "name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
        },
        {
          "name": "monstermenus-mmwebform-security-bypass(86326)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2059805"
        },
        {
          "name": "54391",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54391"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4230",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the \"Who can read data submitted to this webform\" permission to delete arbitrary submissions via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://drupal.org/node/2059807",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2059807"
            },
            {
              "name": "https://drupal.org/node/2059823",
              "refsource": "MISC",
              "url": "https://drupal.org/node/2059823"
            },
            {
              "name": "61711",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61711"
            },
            {
              "name": "[oss-security] 20130809 Re: CVE request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
            },
            {
              "name": "monstermenus-mmwebform-security-bypass(86326)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86326"
            },
            {
              "name": "https://drupal.org/node/2059805",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2059805"
            },
            {
              "name": "54391",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54391"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4230",
    "datePublished": "2013-08-21T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}