10 matches found
EUVD-2012-5445
Malware in sbrugna...
CVE-2012-5553
Multiple cross-site scripting XSS vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the 1 Menu Title 2 Link Title, 3 Path...
CVE-2012-6065
The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553...
CVE-2012-6065
The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the 1 Menu Title 2 Link Title, 3 Path...
Code injection
The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553...
CVE-2012-6065
The CVE-2012-6065 vulnerability affects the Drupal OM Maximenu module (6.x-1.43 and earlier). When the “Title has PHP” option is enabled, remote authenticated users with the "Administer OM Maximenu" permission can trigger execution of arbitrary PHP code via a Link Title. This is a distinct issue ...
CVE-2012-6065
The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553...
CVE-2012-5553
CVE-2012-5553 relates to multiple XSS vulnerabilities in the Drupal OM Maximenu module. Affected software: OM Maximenu 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44. The issue arises when authenticated users with the "administer OM Maximenu" permission can inject arbitrary web script or HTM...
SA-CONTRIB-2012-160 - OM Maximenu - Cross Site Scripting (XSS)
This module enables you to create custom menus with effects and integrate module blocks as it's menu item content. The module doesn't sufficiently state the risk of giving permission to create OM Maximenus. This vulnerability is mitigated by the fact that an attacker must have a role with the...