PT-2013-2236 · Drupal · Menu Reference
Forest Monsen
·
Published
2013-03-27
·
Updated
2013-04-04
·
CVE-2013-0324
CVSS v2.0
2.1
Low
| Vector | AV:N/AC:H/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Menu Reference module versions 7.x-1.x before 7.x-1.0
Description
A cross-site scripting (XSS) issue exists in the Rendered links formatter of the Menu Reference module, allowing remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the
menu link title.Recommendations
For Menu Reference module versions 7.x-1.x before 7.x-1.0, update to version 7.x-1.0 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Menu Reference