This module provides a very simple, mobile-friendly navigation toolbar.
The module doesn't sufficiently check for user-provided input.
This vulnerability is mitigated by the fact that an attacker must have the ability to post content using a text format (like the default "Filtered HTML" format) that won't filter out the exploit code.
Updated 2022-02-02: New maintainers have volunteered for the project and created new releases which includes fixes for the security issues that caused the module to be unsupported.
Update 2022-03-01. New maintainers have volunteered for the project and created a new release which includes fixes for the 3 security issues that caused the module to be unsupported.
jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life.
Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. In addition to the issue covered by SA-CORE-2022-001, further security vulnerabilities disclosed in jQuery UI 1.13.0 may affect Drupal 7 only:
jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life.
Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they disclosed the following security issue that may affect Drupal 9 and 7:
