17 matches found
CVE-2025-7013
Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2016-15052
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
EUVD-2016-10796
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2016-15052
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2016-15052
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2016-15052
Nagios XI is affected: versions prior to 5.2.4 are vulnerable to cross-site scripting via the web interface’s Menu System. The root cause is insufficient validation/escaping of user-supplied input, enabling an attacker to inject and execute arbitrary script in a victim’s browser. The connected Re...
CVE-2016-15052 Nagios XI < 5.2.4 XSS via Menu System
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2016-15052 Nagios XI < 5.2.4 XSS via Menu System
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
PT-2025-44540
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2025-49579
CVE-2025-49579 affects the Citizen MediaWiki skin. The vulnerability arises because all system messages in Menu.mustache are inserted as raw HTML, enabling stored XSS when a user with editinterface but lacking editsitejs can edit messages. Affected versions are prior to Citizen 3.3.1, with fixed ...
dynastychineserestaurant.com XSS vulnerability
Open Bug Bounty ID: OBB-258334 Description| Value ---|--- Affected Website:| dynastychineserestaurant.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
SolarWind LEM Default SSH Password Remote Code Execution Exploit
This module exploits the default credentials of SolarWind LEM. A menu system is encountered when the SSH service is accessed with the default username and password which is "cmc" and "password". By exploiting a vulnerability that exist on the menuing script, an attacker can escape from restricted...
Design/Logic Flaw
The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to 1 edit the profile pages of arbitrary users, and obtain sensitive information from 2 tracker and 3 blog pages, related to a missing check for the "access content" permission; and 4 allows remote...
CVE-2008-1729
The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to 1 edit the profile pages of arbitrary users, and obtain sensitive information from 2 tracker and 3 blog pages, related to a missing check for the "access content" permission; and 4 allows remote...
CVE-2008-1729
The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to 1 edit the profile pages of arbitrary users, and obtain sensitive information from 2 tracker and 3 blog pages, related to a missing check for the "access content" permission; and 4 allows remote...
CVE-2008-1729
CVE-2008-1729 (Drupal 6 before 6.2) : The vulnerability arises in Drupal’s menu system due to a missing check for the "access content" permission, enabling remote attackers to (1) edit arbitrary users’ profile pages and read sensitive data from (2) tracker pages and (3) blog pages. Additionally, ...
MDKA-2006:049 : desktop-common-data
There were some problems with the menu system in Mandriva Linux 2007. Some menu categories were not displayed or properly translated, and editing the menus with the GNOME menu editor alacarte was not working. This update fixes these problems. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been...