Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Project:
Date:
2018-December-05
Vulnerability:
Cross site scripting
Description:
This module enables you to collapse your sites main menu on mobile, and show a menu toggle button.
The module doesn't sufficiently sanitize configuration settings provided by users which leads to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer responsive menus".
Solution:
Install the latest version:
- If you use the responsive_menus module for Drupal 7.x, upgrade to responsive_menus 7.x-1.7
Reported By:
Fixed By:
Coordinated By:
- Michael Hess of the Drupal Security Team
- David Snopek of the Drupal Security Team
