Ayesh Karunaratne

**Name of the Vulnerable Software and Affected Versions** Responsive Menus versions 7.x-1.x-dev through 7.x-1.6 **Description** A vulnerability was found in the Responsive Menus module on Drupal, affecting the `responsive menus admin form submit` function of the `responsive menus.module` file. This issue leads to cross-site scripting and can be exploited remotely. **Recommendations** Upgrade to version 7.x-1.7 to address this issue. As a temporary workaround, consider disabling the `responsive menus admin form submit` function until the patch is applied. Restrict access to the `responsive menus.module` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Drupal Core versions 7.x prior to 7.62 Drupal Core versions 8.5.x prior to 8.5.9 Drupal Core versions 8.6.x prior to 8.6.6 **Description** The issue is related to the PEAR Archive Tar library used by Drupal Core, which has a security update that affects some Drupal configurations. The vulnerability is associated with the restoration of an unreliable data structure in memory, allowing a remote attacker to potentially execute arbitrary code. **Recommendations** For Drupal Core version 7.x, update to version 7.62 or later. For Drupal Core version 8.5.x, update to version 8.5.9 or later. For Drupal Core version 8.6.x, update to version 8.6.6 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 6.x-1.6 **Description** A cross-site request forgery (CSRF) issue exists in the Registration codes module, allowing remote attackers to hijack the authentication of administrators for requests that delete registration codes. **Recommendations** For versions prior to 6.x-1.6, update to version 6.x-1.6 or later to resolve the issue.