Unrated severityNVD Advisory· Published Mar 27, 2013· Updated Apr 29, 2026
CVE-2013-0324
CVE-2013-0324
Description
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title.
Affected products
1- cpe:2.3:a:tomasbarej:menu_reference:7.x-1.x:dev:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- drupal.org/node/1922434nvdPatch
- drupal.org/node/1922446nvdPatchVendor Advisory
- drupalcode.org/project/menu_reference.git/commitdiff/7e7367dnvdPatch
- www.openwall.com/lists/oss-security/2013/02/21/5nvd
News mentions
0No linked articles in our index yet.