Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x prior to 7.x-1.4 for Drupal, when using certain backends and facets, allows remote malicious users to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
thomas seidl search api 7.x-1.0 |
||
thomas seidl search api 7.x-1.1 |
||
thomas seidl search api 7.x-1.2 |
||
thomas seidl search api 7.x-1.3 |
||
thomas seidl search api 7.x-1.x |