Two vulnerabilities have been reported in the Monster Menus module for Drupal
Drupal Monster Menus Module 6.x and 7.x
The vulnerabilities can be exploited by malicious users to bypass certain security restrictions and conduct script insertion attacks.
IMPACT ASSES SMENT:
1) Input passed via the title when editing page settings is not properly sanitised before being edited the next time. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
2) An error due to the mm_webform submodule not properly restricting access can be exploited to delete webform submissions.
Cross Site Scripting