Unrated severityNVD Advisory· Published Aug 21, 2013· Updated Apr 29, 2026
CVE-2013-4229
CVE-2013-4229
Description
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
Affected products
13cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*
- cpe:2.3:a:monster_menus_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- drupal.org/node/2059789nvdPatch
- drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.incnvdExploitPatch
- secunia.com/advisories/54391nvdVendor Advisory
- drupal.org/node/2059823nvdVendor Advisory
- www.openwall.com/lists/oss-security/2013/08/10/1nvd
- www.securityfocus.com/bid/61710nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/86327nvd
News mentions
0No linked articles in our index yet.