3 matches found
CVE-2014-7870
Cross-site scripting XSS vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to...
CVE-2014-7870
CVE-2014-7870 is a Drupal XSS vulnerability in the Custom Search module. Affected: Custom Search 6.x-1.x < 6.x-1.12 and 7.x-1.x
SA-CONTRIB-2014-034 - Custom Search - Cross Site Scripting
The Custom Search module alters the default search box to provide additional search filtering options and control. Custom Search contains a persistent cross-site scripting XSS vulnerability due to the fact that it fails to sanitize filter labels before display. This vulnerability is mitigated by...