Panels Breadcrumbs - Moderately critical - Cross site scripting - SA-CONTRIB-2019-007

Project: Panels BreadcrumbsVersion: 7.x-2.3Date: 2019-January-23Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingDescription: Panels Breadcrumbs allows you to set your breadcrumbs directly from Panels configuration.
This module doesn't properly sanitize custom breadcrumb configuration in all cases, leading to an XSS vulnerability.
This vulnerability is mitigated by the fact that an attacker must have permission to edit breadcrumb configuration, or the value of a token used in breadcrumb configuration.Solution: If using version 7.x-2.3 or earlier, upgrade to version 7.x-2.4 or later.Reported By: 

Fixed By: 

Coordinated By: 

Path to article