The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.
Privilege Escalation
Monster Menus
NVD
CVSS 2.0
2.6
EPSS
0.3%
Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.
XSS
Feed Element Mapper
NVD
CVSS 2.0
2.1
EPSS
0.2%