{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2018-25085","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-04-29T09:47:42.805Z","datePublished":"2023-05-01T05:00:03.819Z","dateUpdated":"2024-08-05T12:33:47.826Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-20T12:38:31.207Z"},"title":"Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"CWE-79 Cross Site Scripting"}]}],"affected":[{"vendor":"n/a","product":"Responsive Menus","versions":[{"version":"7.x-1.x-dev","status":"affected"}],"modules":["Configuration Setting Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The patch is named 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755."},{"lang":"de","value":"In Responsive Menus 7.x-1.x-dev für Drupal wurde eine problematische Schwachstelle entdeckt. Es geht um die Funktion responsive_menus_admin_form_submit der Datei responsive_menus.module der Komponente Configuration Setting Handler. Dank der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Ein Aktualisieren auf die Version 7.x-1.7 vermag dieses Problem zu lösen. Der Patch wird als 3c554b31d32a367188f44d44857b061eac949fb8 bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":2.4,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":2.4,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":3.3,"vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N"}}],"timeline":[{"time":"2018-12-05T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-04-29T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-04-29T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-05-24T10:35:07.000Z","lang":"en","value":"VulDB entry last update"}],"references":[{"url":"https://vuldb.com/?id.227755","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.227755","tags":["signature","permissions-required"]},{"url":"https://www.drupal.org/sa-contrib-2018-079","tags":["related"]},{"url":"https://git.drupalcode.org/project/responsive_menus/-/commit/3c554b31d32a367188f44d44857b061eac949fb8","tags":["patch"]},{"url":"https://www.drupal.org/project/responsive_menus/releases/7.x-1.7","tags":["patch"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T12:33:47.826Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.227755","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.227755","tags":["signature","permissions-required","x_transferred"]},{"url":"https://www.drupal.org/sa-contrib-2018-079","tags":["related","x_transferred"]},{"url":"https://git.drupalcode.org/project/responsive_menus/-/commit/3c554b31d32a367188f44d44857b061eac949fb8","tags":["patch","x_transferred"]},{"url":"https://www.drupal.org/project/responsive_menus/releases/7.x-1.7","tags":["patch","x_transferred"]}]}]}}