
208 matches found

RedhatCVE
added 2025/05/22 11:10 a.m. · 4 views

CVE-2013-0227

Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels...

CVSS 2.1 · AI score 5.5 · EPSS 0.00201
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 9:6 a.m. · 4 views

CVE-2015-6752

Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified...

CVSS 2.1 · AI score 5.6 · EPSS 0.0014
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 8:27 a.m. · 5 views

CVE-2019-12431

An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control...

CVSS 4.3 · AI score 6.5 · EPSS 0.00069
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 7:47 a.m. · 8 views

CVE-2019-19629

In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration...

CVSS 7.5 · AI score 6.8 · EPSS 0.00088
Exploits 0 · References 1
RedhatCVE
added 2025/04/26 8:51 a.m. · 13 views

CVE-2025-3907

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery. This issue affects Search API Solr: from 0.0.0 before 4.3.9...

CVSS 4.3 · AI score 7 · EPSS 0.00168
Exploits 0 · References 3
OSV
added 2025/04/23 5:16 p.m. · 2 views

CVE-2025-3907

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery. This issue affects Search API Solr: from 0.0.0 before 4.3.9...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 1
NVD
added 2025/04/23 5:16 p.m. · 10 views

CVE-2025-3907

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery. This issue affects Search API Solr: from 0.0.0 before 4.3.9...

CVSS 4.3 · EPSS 0.00168
Exploits 0 · References 1
Cvelist
added 2025/04/23 5:8 p.m. · 15 views

CVE-2025-3907 Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery. This issue affects Search API Solr: from 0.0.0 before 4.3.9...

EPSS 0.00168
Exploits 0 · References 1
CVE
added 2025/04/23 5:8 p.m. · 60 views

CVE-2025-3907

CVE-2025-3907 is a CSRF vulnerability in the Drupal Search API Solr module. The issue affects the module’s Solr integration for Drupal versions from 0.0.0 up to 4.3.8. The root cause is a CSRF flaw in routes handling within the Search API Solr integration, enabling unauthorized actions to be perf...

CVSS 4.3 · AI score 6.7 · EPSS 0.00168
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2025/04/23 5:8 p.m. · 7 views

CVE-2025-3907 Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery. This issue affects Search API Solr: from 0.0.0 before 4.3.9...

AI score 7 · EPSS 0.00168
Exploits 0 · References 1
Positive Technologies
added 2025/04/23 12:0 a.m. · 2 views

PT-2025-17661 · Drupal · Drupal Search Api Solr

Name of the Vulnerable Software and Affected Versions: Drupal Search API Solr versions 0.0.0 through 4.3.8. Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed. This issue can be exploited to perform actions on behalf of another...

CVSS 4.3 · AI score 6.5 · EPSS 0.00168
Exploits 0 · References 5
Drupal
added 2025/04/23 12:0 a.m. · 17 views

Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046

This module provides support for creating searches using the Apache Solr search engine and the Search API Drupal module. The module doesn't sufficiently protect certain routes from CSRF attacks. This vulnerability is mitigated by the fact that a site admin would have to perform further steps afte...

CVSS 4.3 · AI score 6.8 · EPSS 0.00168
Exploits 0 · References 2
CNNVD
added 2025/04/23 12:0 a.m. · 1 views

Drupal Search API Solr security vulnerability

Drupal Search API Solr is a module plugin in the Drupal content management system from the Drupal community. A security vulnerability exists in Drupal Search API Solr versions prior to 4.3.9 that stems from vulnerability to cross-site request forgery attacks...

CVSS 4.3 · AI score 6.5 · EPSS 0.00168
Exploits 0 · References 3
Patchstack
added 2025/04/23 12:0 a.m. · 2 views

Drupal Search API Solr module < 4.3.9 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) vulnerability discovered by Pierre Rudloff (prudloff) in WordPress Module Search API Solr versions 4.3.9...

CVSS 4.3 · AI score 7 · EPSS 0.00168
Exploits 0 · References 1 · Affected Software 1
NVD
added 2025/04/15 10:15 p.m. · 15 views

CVE-2025-27892

Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression...

CVSS 6.8 · EPSS 0.01246
Exploits 1 · References 2
OSV
added 2025/03/21 9:30 a.m. · 3 views

GHSA-3GPX-P63P-PR5R Mattermost Fails to Enforce Certain Search APIs

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...

CVSS 4.3 · AI score 7 · EPSS 0.00092
Exploits 0 · References 3
NVD
added 2025/03/21 9:15 a.m. · 6 views

CVE-2025-30179

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...

CVSS 6.5 · EPSS 0.00092
Exploits 0 · References 1
Vulnrichment
added 2025/03/21 8:24 a.m. · 17 views

CVE-2025-30179 MFA Enforcement Bypass in Search APIs

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...

CVSS 4.3 · AI score 4.6 · EPSS 0.00092
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 3:26 a.m. · 3 views

CVE-2024-51692

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS. This issue affects Bing Search API Integration: from n/a through <= 0.3.3...

CVSS 7.1 · AI score 7.2 · EPSS 0.00231
Exploits 0 · References 1
NVD
added 2024/11/09 1:15 p.m. · 12 views

CVE-2024-51692

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS. This issue affects Bing Search API Integration: from n/a through <= 0.3.3...

CVSS 7.1 · EPSS 0.00231
Exploits 0 · References 1