VYPR

Monster Menus

by Drupal

CVEs (4)

  • CVE-2015-8095Nov 9, 2015
    risk 0.00cvss epss 0.01

    The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.

  • CVE-2013-4504May 13, 2014
    risk 0.00cvss epss 0.01

    The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.

  • CVE-2013-4230Aug 21, 2013
    risk 0.00cvss epss 0.01

    The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission…

  • CVE-2013-4229Aug 21, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.