Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Search API Autocomplete模块跨站脚本漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。Search API Autocomplete是其中的一个用于在搜索时对搜索字段添加自动完成功能并提供一个建议列表的模块。 Drupal Search API Autocomplete模块7.x-1.3之前7.x-1.x版本中存在跨站脚本漏洞。当程序配置搜索索引用于使用HTML过滤器程序时,远程攻击者可利用该漏洞以特定的权限注入任意Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A