CVEs (6)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Monster Menus Project 1Monster Menus Sep 2, 2025 Jan 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2. |
1Monster Menus Project 1Monster Menus Sep 2, 2025 Jan 9, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2. |
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL patte...Show more |
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. |
1Monster Menus Project 1Monster Menus Apr 29, 2026 Aug 21, 2013 N/A· v4 N/A· v3 6.0 MEDIUM· v2 The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with t...Show more |
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title i...Show more |