Here is the example of what XSS hacking can do...

This article is from Drupal Security News email.

"The Menu Breadcrumb module allows to use the menu the current page belongs to
as breadcrumb. The module does not properly sanitize parts of the provided
block, leading to a cross-site scripting (XSS [1]) vulnerability. Such an
attack may lead to a malicious user gaining full administrative access.
Mitigating factors: A user must have a role with the permission /administer
blocks/ to exploit this vulnerability."

If you use the contributed Menu, Breadcrumb module, You need to update this module.