漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Search Autocomplete
Vulnerability Description
In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal 跨站脚本漏洞
Vulnerability Description
Drupal是Drupal社区的一套使用PHP语言开发的开源内容管理系统。 Search Autocomplete 7.x-4.8版本 for Drupal 7.x版本中存在跨站脚本漏洞,该漏洞源于程序对用户提交的输入验证不当。远程攻击者可借助特制的URL利用该漏洞在用户的Web浏览器中执行脚本。
CVSS Information
N/A
Vulnerability Type
N/A