2 matches found
Path Breadcrumbs - Less Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-133
This module enables you to configure breadcrumbs for any Drupal page. The module didn't sufficiently filter user input values the in administration interface. This vulnerability was mitigated by the fact that an attacker must have a role with the permission "Administer Path Breadcrumbs". CVE...
SA-CONTRIB-2015-037 - Path Breadcrumbs - Access Bypass
This module enables you to configure breadcrumbs for any Drupal page. The module doesn't check node access on 403 Not Found pages. As a result, unpublished content data can be shown to unprivileged user. This vulnerability is mitigated by the fact that it is possible to configure proper access...