Downloads

Download tar.gz 14.84 KB
MD5: 863f6caf6878afaa0a2e3c13ca998660
SHA-1: da53ea6588b4214e8d925f1161ec198ff52b1e51
SHA-256: ddb473ec547fc6599e97d7fa41e1f04a3cda434a66df4accc76886b925e107f5
Download zip 18.57 KB
MD5: e8d9577f90d1a48f7d693a28654df8ef
SHA-1: 60a0399e3eb3629f79edb9348b0393ffc3767b73
SHA-256: 129d36ab381b438a20c59cfb8b3ad5cbd8c77d670b9a7f8c8826267853c3ee2c

Release notes

Menu Breadcrumb menu title XSS (cross-site scripting) issue on admin page fix

The Menu Breadcrumb module does not correctly handle certain user input when displaying the Menu Breadcrumb settings page. Users privileged to manage site menus can insert arbitrary HTML and script code into the administrative settings page for Menu Breadcrumb. Such a cross-site scripting attack may lead to the malicious user gaining administrative access. Wikipedia has more information about cross-site scripting (XSS).

See SA-CONTRIB-2010-013 - Menu Breadcrumb - Cross site scripting for more details.

Created by: xurizaemon
Created on: 2 Feb 2010 at 23:44 UTC
Last updated: 1 Aug 2018 at 21:28 UTC
Git tag 6.x-1.3
Security update
Unsupported

Other releases