Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x prior to 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows remote malicious users to inject arbitrary web script or HTML via a crafted search query.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
current search links project current search links 7.x-1.x-dev |
||
current search links project current search links 7.x-1.0 |