CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13288 – Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052
https://notcve.org/view.php?id=CVE-2024-13288
09 Jan 2025 — Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2. • https://www.drupal.org/sa-contrib-2024-052 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13281 – Monster Menus - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-045
https://notcve.org/view.php?id=CVE-2024-13281
09 Jan 2025 — Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2. • https://www.drupal.org/sa-contrib-2024-045 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2015-8095
https://notcve.org/view.php?id=CVE-2015-8095
09 Nov 2015 — The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern. La funcionalidad recycle bin en el módulo Monster Menus 7.x-1.21 en versiones anteriores a 7.x-1.24 para Drupal no elimina correctamente los nodos de la vista, lo que permite a atacantes remotos obtener información sensible a través de un patrón URL no especificado. • https://www.drupal.org/node/2608382 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2013-4504
https://notcve.org/view.php?id=CVE-2013-4504
13 May 2014 — The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. El módulo Monster Menus 7.x-1.x anterior a 7.x-1.15 permite a atacantes remotos leer comentarios de nodo arbitrarios a través de una URL manipulada. • http://seclists.org/oss-sec/2013/q4/210 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 42EXPL: 0CVE-2013-4230
https://notcve.org/view.php?id=CVE-2013-4230
21 Aug 2013 — The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors. El submodulo mm_webform en el modulo Monster Menus v6.x-6.x anterior a v6.x-6.61 y v7.x-1.x anterior a v7.x-1.13 para Drupal no restringe adecuadamente el acceso a envíos en f... • http://secunia.com/advisories/54391 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 1CVE-2013-4229
https://notcve.org/view.php?id=CVE-2013-4229
21 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings. Vulnerabilidad Cross-site scripting (XSS) en el modulo Monster Menus v7.x-1.x anterior a v7.x-1.12 para Drupal permite a los usuarios remotos autenticados con permisos para añadir páginas, inyectar secuencias de comandos web o HTML a través de un título en la página de c... • http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •