Cross site scripting

2013-03-2721:55:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON

Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name.

CPENameOperatorVersion
search_apieq7.x-1.0 beta3
search_apieq7.120.10
search_apieq7.x-1.0 rc1
search_apieq7.x-1.0 beta5
search_apieq7.x-1.0 beta4
search_apieq7.x-1.0 beta10
search_apieq7.x-1.0 beta9
search_apieq7.x-1.0 beta2
search_apieq7.x-1.0 beta8
search_apieq7.x-1.0 beta7

Name	Operator	Version
search_api	eq	7.x-1.0 beta3
search_api	eq	7.120.10
search_api	eq	7.x-1.0 rc1
search_api	eq	7.x-1.0 beta5
search_api	eq	7.x-1.0 beta4
search_api	eq	7.x-1.0 beta10
search_api	eq	7.x-1.0 beta9
search_api	eq	7.x-1.0 beta2
search_api	eq	7.x-1.0 beta8
search_api	eq	7.x-1.0 beta7

Rows per page:

1-10 of 161

References

drupalcode.org/project/search_api.git/commitdiff/d22cf53

osvdb.org/89116

secunia.com/advisories/51806

www.openwall.com/lists/oss-security/2013/01/15/3

drupal.org/node/1884076

drupal.org/node/1884332

exchange.xforce.ibmcloud.com/vulnerabilities/81154