Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x prior to 7.x-1.4 for Drupal, when using certain backends and facets, allows remote malicious users to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
thomas_seidl search_api 7.x-1.0 |
||
thomas_seidl search_api 7.x-1.3 |
||
thomas_seidl search_api 7.x-1.x |
||
thomas_seidl search_api 7.x-1.2 |
||
thomas_seidl search_api 7.x-1.1 |