The Better Mega Menu - Moderately critical - Cross Site Scripting - SA-CONTRIB-2021-039

Project: The Better Mega MenuDate: 2021-September-22Security risk: Moderately critical 13∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescription: This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content.
It does not sufficiently sanitize user input such that an admin with permissions to edit a menu may be able to exploit one or more Cross-Site-Scripting (XSS) vulnerabilities.
This vulnerability is mitigated by the fact that an attacker must have permission to administer mega menus and/or create or edit menu links, to inject the XSS. Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article