XSS in Drupal Responsive Menus 7.x-1.x via Admin Form, fixed 7.x-1.7
CVE-2018-25085 Published on May 1, 2023
Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting
A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. It affects the function responsive_menus_admin_form_submit in the file responsive_menus.module, part of the component Configuration Setting Handler. Manipulation of this function leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 addresses this issue. The patch is named 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755.
Timeline
Advisory disclosed
CVE reserved 1606 days later.
VulDB entry created
VulDB entry last update 25 days later.
Weakness Type
What is an XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2018-25085 has been classified as an XSS vulnerability or weakness.
Products Associated with CVE-2018-25085
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.