Easy Breadcrumb - Critical - Cross Site Scripting - SA-CONTRIB-2019-053

Project: Easy Breadcrumb
Version: 7.x-2.x-dev
Date: 2019-June-19
Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Description: This module enables you to use the current URL (path alias) and the current page's title to automatically extract the breadcrumb's segments and their respective links, then show them as breadcrumbs on your website.
The module doesn't sufficiently sanitise user input in certain circumstances.
This vulnerability does not require any permissions but can be mitigated by un-checking the 'Allow HTML tags in breadcrumb text' setting (enabled by default). In some cases browsers' built-in XSS protection may prevent exploitation.

Solution: Install the latest version:

Also see the Easy Breadcrumb project page.

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2019-053