Release info

Created by: xurizaemon
Created on: February 2, 2010 - 23:44
Last updated: February 3, 2010 - 16:19
Core compatibility: 6.x
Release type: Security update

Release notes

Menu Breadcrumb menu title XSS (cross-site scripting) issue on admin page fix

The Menu Breadcrumb module does not correctly handle certain user input when displaying the Menu Breadcrumb settings page. Users privileged to manage site menus can insert arbitrary HTML and script code into the administrative settings page for Menu Breadcrumb. Such a cross-site scripting attack may lead to the malicious user gaining administrative access. Wikipedia has more information about cross-site scripting (XSS).

See SA-CONTRIB-2010-013 - Menu Breadcrumb - Cross site scripting for more details.