Mother May I
Monthly
Stored/reflected cross-site scripting (CWE-79) affects the Drupal contributed module 'Mother May I' across all released versions (*.*), letting attackers inject script that executes in the browser context of other Drupal users. Because the module is a Drupal add-on rather than core, exposure is limited to sites that have installed it, and no public exploit has been identified. EPSS is low (0.15%, 5th percentile) and the flaw is not on the CISA KEV list, indicating no known active exploitation despite the vendor-assigned 9.8 rating.
Stored/reflected cross-site scripting (CWE-79) affects the Drupal contributed module 'Mother May I' across all released versions (*.*), letting attackers inject script that executes in the browser context of other Drupal users. Because the module is a Drupal add-on rather than core, exposure is limited to sites that have installed it, and no public exploit has been identified. EPSS is low (0.15%, 5th percentile) and the flaw is not on the CISA KEV list, indicating no known active exploitation despite the vendor-assigned 9.8 rating.