CVSS2: 3.5 Low
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS: 0.967 High
Percentile: 99.7%
CVE: CVE-2012-1651
The Submenu Tree module allows sufficiently privileged users to show a
list of menu entries when displaying a node.
The module does not sanitize some of the user-supplied data before
displaying it, leading to a Cross Site Scripting (XSS)
vulnerability.
The vulnerability is mitigated by the fact that a malicious user must
be assigned a role that includes permissions to edit the Drupal menus.
Drupal core is not affected. If you do not use the contributed Submenu Tree module,
there is nothing you need to do.
Install the latest version:
Please also see the Submenu Tree project
page.