CVE-2013-0227

Cross-site scripting XSS vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels...

Drupal Search API Sorts Module Cross-Site Scripting Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.The Search API Sorts module is one of the modules that provides custom sorting and global sort blocks for the Search API. A cross-site scripting vulnerability exists in the Drupal Searc...

Search API Sorts - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-016

The Search API Sorts module allows the site administrator to configure custom sort options for their search results and expose the control interface via the core block system. The module doesn't sufficiently sanitise the name of the sort option which is displayed to users. This vulnerability is...

Cross site scripting

Cross-site scripting XSS vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels...

CVE-2013-0227

The CVE-2013-0227 entry involves Drupal's Search API Sorts module (7.x-1.x) with a XSS vulnerability caused by insufficient filtering of user-entered text in field labels. Affects Drupal 7.x, versions prior to 7.x-1.4. Impact: remote authenticated users with certain roles can inject arbitrary Jav...