Inadequate escaping lead to XSS vulnerability in the search module. To be exploitable an user has to write or paste malicious content into the search dialogue.
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0