QwikSec

Security Database

CVE

CWE

Training

CVE-2018-25085

Published: May 1, 2023

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.1

2.4

LOW

Description

A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The patch is named 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755.

Vendor	Product	Versions
n/a	Responsive Menus	affected `7.x-1.x-dev`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://vuldb.com/?id.227755

vdb-entry

technical-description

https://vuldb.com/?ctiid.227755

signature

permissions-required

https://www.drupal.org/sa-contrib-2018-079

related

https://git.drupalcode.org/project/responsive_menus/-/commit/3c554b31d32a367188f44d44857b061eac949fb8

patch

https://www.drupal.org/project/responsive_menus/releases/7.x-1.7

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.