CVE-2013-4230

medium

Description

The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/86326

https://drupal.org/node/2059823

https://drupal.org/node/2059807

https://drupal.org/node/2059805

http://www.securityfocus.com/bid/61711

http://www.openwall.com/lists/oss-security/2013/08/10/1

http://secunia.com/advisories/54391

Details

Source: Mitre, NVD

Published: 2013-08-21

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00764