3 matches found
CVE-2013-4229
Cross-site scripting XSS vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings...
CVE-2013-4229
The CVE-2013-4229 entry relates to the Monster Menus Drupal module. Affected: Monster Menus 7.x-1.x before 7.x-1.12 on Drupal, with a documented XSS vulnerability where titles in page settings could be manipulated to inject script/HTML. Root cause: insufficient filtering/escaping of titles when p...
SA-CONTRIB-2013-066 - Monster Menus - Multiple Vulnerabilities
Monster Menus enables you to create granular page permissions, and apply them to a hierarchical page structure. The mmwebform submodule enables you to assign permissions derived from Monster Menus to webform forms. The module doesn't sufficiently filter titles entered into page settings and echoe...