CVE-2013-4504 - Vulnerability Details - OpenCVE

The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Monster Menus Module Project	Monster Menus

Configuration 1 [-]

AND

OR	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.0:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.1:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.2:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.3:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.4:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.5:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.6:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.7:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.8:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.9:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.10:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.11:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.12:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.13:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.14:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/oss-sec/2013/q4/210
https://drupal.org/node/2123287
https://drupal.org/node/2124289

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-05-13T15:00:00

Updated: 2024-08-06T16:45:14.832Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4504

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-05-13T15:55:04.280

Modified: 2025-04-12T10:46:40.837

Link: CVE-2013-4504

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-13T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2123287"}, {"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/2124289"}, {"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2013/q4/210"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4504", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drupal.org/node/2123287", "refsource": "CONFIRM", "url": "https://drupal.org/node/2123287"}, {"name": "https://drupal.org/node/2124289", "refsource": "MISC", "url": "https://drupal.org/node/2124289"}, {"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q4/210"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:14.832Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://drupal.org/node/2123287"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drupal.org/node/2124289"}, {"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q4/210"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4504", "datePublished": "2014-05-13T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.832Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "98E0F326-8C25-448E-B775-51A00E94B70C", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E988B3D0-0E9F-46A3-942F-5B806C19125E", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "545F78EA-A4C8-4A02-9307-A7161341ABB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBC17B5C-B516-4C51-9931-9C61DF551F69", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "87F04C8D-46F8-4011-B8CB-7A2739D73826", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9F79729F-DC69-4C20-97FC-82CAD7731C5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*", "matchCriteriaId": "524A1E8F-F1CB-4028-B664-1E97EA56FDD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*", "matchCriteriaId": "278CAAEB-C8CE-4BE7-BA48-C353200CCC43", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*", "matchCriteriaId": "8A41C450-BADF-41A8-97D2-16C0B41E3CB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*", "matchCriteriaId": "0A2CA121-6280-4E12-B16E-6731487BAA7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*", "matchCriteriaId": "BDB655C8-862F-4F4A-95D0-3BE285492936", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*", "matchCriteriaId": "9E9FDD6C-B044-4411-8167-42B90122BDBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.12:*:*:*:*:*:*:*", "matchCriteriaId": "831B3C4D-0A3A-4F6F-BAF9-D132E4984C02", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.13:*:*:*:*:*:*:*", "matchCriteriaId": "6866ED88-6BB7-45FA-B730-03A1AE8BABBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.14:*:*:*:*:*:*:*", "matchCriteriaId": "8EB5823E-CC26-4302-A201-BC1C711658B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "542F67D5-230B-425D-9F64-B272CA3F01E0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL."}, {"lang": "es", "value": "El m\u00f3dulo Monster Menus 7.x-1.x anterior a 7.x-1.15 permite a atacantes remotos leer comentarios de nodo arbitrarios a trav\u00e9s de una URL manipulada."}], "id": "CVE-2013-4504", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-13T15:55:04.280", "references": [{"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/210"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://drupal.org/node/2123287"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://drupal.org/node/2124289"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q4/210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://drupal.org/node/2123287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://drupal.org/node/2124289"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}