Custom Breadcrumbs - Less critical - Cross Site Scripting - SA-CONTRIB-2022-024

Project: Custom Breadcrumbs
Date: 2022-February-09
Security risk: Less critical 8∕25 
Vulnerability: Cross Site Scripting

Description

The Custom Breadcrumbs module provides a variety of options for customizing the breadcrumb trail.

The module doesn't sufficiently filter on output, leading to a Cross Site Scripting vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the "Administer custom breadcrumbs" permission.

Solution

Install the latest version:

If you use the Custom Breadcrumbs module for Drupal 8.x or 9.x, upgrade to Custom Breadcrumbs 1.0.1.
