Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x prior to 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote malicious users to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
thomas_seidl search_api 7.x-1.0 |
||
thomas_seidl search_api 7.x-1.x |