Lucene search
PRIOn knowledge basePRION:CVE-2018-7603HistoryJan 15, 2019 - 10:29 p.m.
Cross site scripting
2019-01-1522:29:00
PRIOn knowledge base
www.prio-n.com
4
0.001 Low
EPSS
Percentile
34.0%
In Drupal’s 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn’t sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments.
| CPE | Name | Operator | Version |
|---|---|---|---|
| search_autocomplete | eq | < 7.x-4.8 |
References
Related
ibm
ibm
cve
cve
CVE-2018-7603
2019-01-15 22:29:00
cvelist
cvelist
CVE-2018-7603 Search Autocomplete
2019-01-15 22:00:00
drupal
drupal
nvd
nvd
CVE-2018-7603
2019-01-15 22:29:00