RSS   Podatności dla 'Search api autocomplete'   RSS

2015-08-31
 
CVE-2015-6752

 

 
Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions.

 


Copyright 2024, cxsecurity.com

 

Back to Top