Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted search query.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Current Search Links模块跨站脚本漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。Current Search Links是其中的一个扩展Facet API(创建和管理基于方面Faceted搜索的界面)块的模块。 Drupal Current Search Links模块7.x-1.1之前7.x-1.x版本中存在跨站脚本漏洞。当程序禁用‘Append the keywords passed by the user to the list’选项时,远程攻击者可借助特制的搜索查询利用该漏洞注入任意Web脚
CVSS Information
N/A
Vulnerability Type
N/A