EUVD-2013-0342

Malware in sbrugna...

CVE-2013-0324

Cross-site scripting XSS vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title...

Cross site scripting

Cross-site scripting XSS vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title...

CVE-2013-0324

CVE-2013-0324 concerns the Drupal Menu Reference module. The vulnerability affects Menu Reference 7.x-1.x prior to 7.x-1.0, where the rendered links formatter does not escape HTML in the menu link title. This enables remote authenticated users with the credential to Administer menus and menu item...

SA-CONTRIB-2013-022 - Menu Reference - Cross site scripting (XSS)

Module Menu Reference doesn't escape HTML that contains menu link title displayed in Menu Reference "Rendered links" formatter. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer menus and menu items" to insert HTML code in menu link titl...