The module does not sufficiently filter user-provided text on output, resulting in a Cross-Site Scripting (XSS) vulnerability. The solution is to use the latest updated version.
The module doesn't sufficiently check access for the edit and delete operations. Users with "access content" permission can edit or delete any term. To solve this issue use the latest version.
The Drupal security team announced on February 16th, 2022, the moderately critical information disclosure vulnerability in Drupal Core, SA-CORE-2022-004.
Drupal security team announced on February 16th, 2022, the moderately critical improper input validation vulnerability in Drupal Core, SA-CORE-2022-003.
Drupal Security Team announced a Cross-Site Scripting (XSS) vulnerability SA-CONTRIB-2022-024 that has low criticality index in the Custom Breadcrumbs Module on February 9th, 2022.
Drupal Security team announces a moderately critical access bypass vulnerability SA-CONTRIB-2022-023 in the Fancy File Delete Module on February 9th 2022.