CVE-2015-4378 Information

Description

Cross-site scripting (XSS) vulnerability in the Crumbs module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the \Administer Crumbs\ permission to inject arbitrary web script or HTML via a custom breadcrumb separator.

Reference

http://www.openwall.com/lists/oss-security/2015/04/25/6 https://www.drupal.org/node/2458675 https://www.drupal.org/node/2459315