3 matches found
CVE-2012-2712
Multiple cross-site scripting XSS vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors...
CVE-2012-2712
CVE-2012-2712 affects Drupal’s Search API module (7.x-1.x) up to version 7.x-1.1. The issue is a failure to sufficiently sanitize user input when throwing exceptions or logging errors, enabling remote attackers to inject arbitrary scripts via crafted URLs. Impact is cross-site scripting (XSS) in ...
SA-CONTRIB-2012-084 - Search API - Cross Site Scripting (XSS)
CVE: CVE-2012-2712 This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently sanitize user input in some cases when throwing exceptions or logging errors. This enables attackers to insert arbitrary data into a page by...