DRUPAL-CONTRIB-2021-039

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/tb_megamenu/DRUPAL-CONTRIB-2021-039.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2021-039
Published
2021-09-22T17:26:04Z
Modified
2025-12-10T23:33:04.979608Z
Summary
[none]
Details

This module provides an admin interface for creating drop-down menus that combine Drupal menu items with rich media content.

It does not sufficiently sanitize user input, so an admin with permission to edit a menu may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities.

This vulnerability is mitigated by the fact that an attacker must have permission to administer mega menus and/or create or edit menu links to inject the XSS.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/tb_megamenu

Package

Name
drupal/tb_megamenu
Purl
pkg:composer/drupal/tb_megamenu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.0
Database specific
{
    "constraint": "<1.4.0"
}

Database specific

affected_versions
"<1.4.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/tb_megamenu/DRUPAL-CONTRIB-2021-039.json"