This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content.
It does not sufficiently sanitize user input such that an admin with permissions to edit a menu may be able to exploit one or more Cross-Site-Scripting (XSS) vulnerabilities.
This vulnerability is mitigated by the fact that an attacker must have permission to administer mega menus and/or create or edit menu links, to inject the XSS.
This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content.
The module does not sanitize values for CSS properties that are added by admins and rendered on the front-end, allowing attackers to inject malicious code into the front-end markup.
This module enables sites to define a domain from Domain Access that points directly to a group page.
The module doesn't sufficiently manage the access to content administrative paths allowing an attacker to see and take actions on content (nodes) they should be allowed to.
This module provides a powerful interface for managing a taxonomy vocabulary. A vocabulary gets displayed in a dynamic tree view, where parent terms can be expanded to list their nested child terms or can be collapsed.
The module does not take the correct user permissions into account, allowing an attacker to delete and move terms.
The issue is mitigated by the fact that an attacker must have permission to create terms in the targeted vocabulary.
This module enables you to extract the textual content of files for use on a website, e.g. to display it or use it in search indexes.
The module doesn't sufficiently protect the administrator-defined commands that are executed on the server, which leads to post-authentication remote code execution by a limited set of users.
