DRUPAL-CONTRIB-2022-024

Import Source

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-024

Published

2022-02-09T15:20:08Z

Modified

2025-12-10T23:33:24.809060Z

Summary

[none]

Details

The Custom Breadcrumbs module provides a variety of options for customizing the breadcrumb trail.

The module doesn't sufficiently filter on output, leading to a Cross Site Scripting vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer custom breadcrumbs" permission.

References

Credits

Affected packages

Type

ECOSYSTEM

Events

Introduced

Fixed

1.0.1

Database specific

{
    "constraint": "<1.0.1"
}

affected_versions

"<1.0.1"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/custom_breadcrumbs/DRUPAL-CONTRIB-2022-024.json"