Custom Breadcrumbs - Less critical - Cross Site Scripting - SA-CONTRIB-2022-024
Feb 9, 2022
Project: Custom Breadcrumbs Date: 2022-February-09 Security risk: Less critical 8∕25 Vulnerability: Cross Site Scripting
The Custom Breadcrumbs module provides a variety of options for customizing the breadcrumb trail.
The module doesn't sufficiently filter on output, leading to a Cross Site Scripting vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer custom breadcrumbs" permission.