Lucene search
HistoryMar 27, 2013 - 9:55 p.m.
CVE-2013-0181
cve-2013-0181
cross-site scripting
xss
search api
drupal
nvd
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.3%
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
Affected configurations
Node
thomas_seidlsearch_apiMatch7.x-1.0
ORthomas_seidlsearch_apiMatch7.x-1.0beta1
ORthomas_seidlsearch_apiMatch7.x-1.0beta10
ORthomas_seidlsearch_apiMatch7.x-1.0beta2
ORthomas_seidlsearch_apiMatch7.x-1.0beta3
ORthomas_seidlsearch_apiMatch7.x-1.0beta4
ORthomas_seidlsearch_apiMatch7.x-1.0beta5
ORthomas_seidlsearch_apiMatch7.x-1.0beta6
ORthomas_seidlsearch_apiMatch7.x-1.0beta7
ORthomas_seidlsearch_apiMatch7.x-1.0beta8
ORthomas_seidlsearch_apiMatch7.x-1.0beta9
ORthomas_seidlsearch_apiMatch7.x-1.0rc1
ORthomas_seidlsearch_apiMatch7.x-1.1
ORthomas_seidlsearch_apiMatch7.x-1.2
ORthomas_seidlsearch_apiMatch7.x-1.3
ORthomas_seidlsearch_apiMatch7.x-1.xdev
drupaldrupalMatch-
Related
prion
prion
Cross site scripting
2013-03-27 21:55:00
nvd
nvd
CVE-2013-0181
2013-03-27 21:55:01
cvelist
cvelist
CVE-2013-0181
2013-03-27 21:00:00
drupal
drupal
SA-CONTRIB-2013-001 - Search API - Cross Site Scripting
2013-01-09 00:00:00
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.3%
Related for CVE-2013-0181