CVE-2021-38321

The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selectedmenu parameter found in the /custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3...

Cross site scripting

The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selectedmenu parameter found in the /custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3...

CVE-2021-38321 Custom Menu Plugin <= 1.3.3 Reflected Cross-Site Scripting

The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selectedmenu parameter found in the /custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3...

CVE-2021-38321 Custom Menu Plugin <= 1.3.3 Reflected Cross-Site Scripting

The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selectedmenu parameter found in the /custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3...

CVE-2021-38321

The CVE-2021-38321 entry describes a Reflected Cross-Site Scripting vulnerability in the WordPress plugin “Custom Menu Plugin” (versions up to and including 1.3.3). The affected component is the plugin’s file ~/custom-menus.php, with the selected_menu parameter enabling injection of arbitrary scr...

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Custom Menu Plugin 1.3.3 and earlier versions, which originates...

WordPress Custom Menu Plugin plugin <= 1.3.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Custom Menu Plugin plugin versions = 1.3.3. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

CVE-2021-3109

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account...

CVE-2021-3109

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account...

Code injection

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account...

CVE-2021-3109

CVE-2021-3109 affects SolarWinds Orion Platform; the issue is a Reverse Tabnabbing and open redirect vulnerability in the custom menu item options page that exists before version 2020.2.5. Exploitation requires an Orion administrator account and access is via the custom menu item options page. Th...

DRUPAL-CONTRIB-2019-050

This module enables you to handle fields for Custom Menu Links. The module doesn't sufficiently check requests to one of the module controllers if the user has permission 'administer menu'. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create...