Path Breadcrumbs - Moderately critical - Cross site scripting - SA-CONTRIB-2019-027

Project:

Date:

2019-February-27

Security risk:

Moderately critical 13 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All

Vulnerability:

Cross site scripting

Description:

This module enables you to configure breadcrumbs for any Drupal page.

This module doesn't properly sanitize custom breadcrumb configuration in all cases, leading to an XSS vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer Path Breadcrumbs".

Solution:

Install the latest version:

Also see the Path Breadcrumbs project page.

Reported By:

Fixed By:

Coordinated By:

Contact and more information

The Drupal security team can be reached by email at security at drupal.org or via the contact form.

Follow the Drupal Security Team on Bluesky, or Mastodon or Linkedin.

The security team is made up of volunteers around the world. The companies above have sponsored time on this release.