CVE-2024-13288
- EPSS 0.16%
- Veröffentlicht 09.01.2025 21:15:26
- Zuletzt bearbeitet 02.09.2025 18:26:45
Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.
CVE-2024-13281
- EPSS 0.17%
- Veröffentlicht 09.01.2025 20:15:37
- Zuletzt bearbeitet 02.09.2025 18:28:05
Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2.
- EPSS 0.25%
- Veröffentlicht 09.11.2015 16:59:12
- Zuletzt bearbeitet 27.08.2025 15:51:13
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
CVE-2013-4504
- EPSS 0.28%
- Veröffentlicht 13.05.2014 15:55:04
- Zuletzt bearbeitet 27.08.2025 15:51:13
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
CVE-2013-4229
- EPSS 0.25%
- Veröffentlicht 21.08.2013 14:55:07
- Zuletzt bearbeitet 27.08.2025 15:51:13
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
- EPSS 0.76%
- Veröffentlicht 21.08.2013 14:55:07
- Zuletzt bearbeitet 27.08.2025 15:51:13
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitte...