CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS
Percentile
99.7%
This module enables you to add navigation to your webpages colloquially referred to as “breadcrumbs”.
The module doesn’t sufficiently sanitize custom HTML separators for breadcrumbs, thereby exposing a Cross Site Scripting vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “Administer Crumbs”.
Drupal core is not affected. If you do not use the contributed Crumbs module, there is nothing you need to do.
Install the latest version:
Also see the Crumbs project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/crumbs
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/donquixote
www.drupal.org/user/2301194
www.drupal.org/user/3042419
www.drupal.org/writing-secure-code