4 matches found
DRUPAL-CONTRIB-2024-011
The Coffee module helps you to navigate through the Drupal admin menus faster with a shortcut popup. The module doesn't sufficiently escape menu names when displaying them in the popup, thereby exposing a XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a...
Cross site scripting
Cross-site scripting XSS vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title...
CVE-2013-0324
Cross-site scripting XSS vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title...
SA-CONTRIB-2013-022 - Menu Reference - Cross site scripting (XSS)
Module Menu Reference doesn't escape HTML that contains menu link title displayed in Menu Reference "Rendered links" formatter. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer menus and menu items" to insert HTML code in menu link titl...