Download menu_breadcrumb-6.x-1.3.tar.gztar.gz 14.84 KB
MD5: 863f6caf6878afaa0a2e3c13ca998660
SHA-1: da53ea6588b4214e8d925f1161ec198ff52b1e51
SHA-256: ddb473ec547fc6599e97d7fa41e1f04a3cda434a66df4accc76886b925e107f5
Download menu_breadcrumb-6.x-1.3.zipzip 18.57 KB
MD5: e8d9577f90d1a48f7d693a28654df8ef
SHA-1: 60a0399e3eb3629f79edb9348b0393ffc3767b73
SHA-256: 129d36ab381b438a20c59cfb8b3ad5cbd8c77d670b9a7f8c8826267853c3ee2c

Release info

Created by: xurizaemon
Created on: February 2, 2010 - 23:44
Last updated: February 3, 2010 - 16:19
Core compatibility: 6.x
Release type: Security update

Release notes

Menu Breadcrumb menu title XSS (cross-site scripting) issue on admin page fix

The Menu Breadcrumb module does not correctly handle certain user input when displaying the Menu Breadcrumb settings page. Users privileged to manage site menus can insert arbitrary HTML and script code into the administrative settings page for Menu Breadcrumb. Such a cross-site scripting attack may lead to the malicious user gaining administrative access. Wikipedia has more information about cross-site scripting (XSS).

See SA-CONTRIB-2010-013 - Menu Breadcrumb - Cross site scripting for more details.

Dependencies

The selected release is the release that will be used for automated testing. Optional projects are only used for testing.

Required

No required projects

Optional

No optional projects