Monster Menus
by Drupal
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8095 | 0.00 | — | 0.01 | Nov 9, 2015 | The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern. | |||
| CVE-2013-4504 | 0.00 | — | 0.01 | May 13, 2014 | The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. | |||
| CVE-2013-4230 | 0.00 | — | 0.01 | Aug 21, 2013 | The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission… | |||
| CVE-2013-4229 | 0.00 | — | 0.01 | Aug 21, 2013 | Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings. |
- CVE-2015-8095Nov 9, 2015risk 0.00cvss —epss 0.01
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
- CVE-2013-4504May 13, 2014risk 0.00cvss —epss 0.01
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
- CVE-2013-4230Aug 21, 2013risk 0.00cvss —epss 0.01
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission…
- CVE-2013-4229Aug 21, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.