CVE-2013-0324: XSS
First published: Wed Mar 27 2013(Updated: )
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tomasbarej Menu Reference | =7.x-1.x-dev | |
| Drupal |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-0324?
CVE-2013-0324 has been classified as a moderate severity vulnerability due to the potential for unauthorized web script injection.
How do I fix CVE-2013-0324?
To fix CVE-2013-0324, update the Menu Reference module to version 7.x-1.0 or later.
Who is affected by CVE-2013-0324?
CVE-2013-0324 affects remote authenticated users with the "Administer menus and menu items" permission in Drupal installations using the vulnerable version of the Menu Reference module.
What kind of attack can CVE-2013-0324 enable?
CVE-2013-0324 can enable cross-site scripting (XSS) attacks, allowing attackers to execute arbitrary web scripts or HTML in the context of affected users.
Which version of the Menu Reference module is vulnerable according to CVE-2013-0324?
The vulnerable version of the Menu Reference module is 7.x-1.x before 7.x-1.0.
- agent/references
- agent/softwarecombine
- agent/type
- agent/remedy
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tomasbarej
- canonical/tomasbarej menu reference
- version/tomasbarej menu reference/7.x-1.x-dev
- vendor/drupal
- canonical/drupal