2 matches found
CVE-2015-4388
CVE-2015-4388 affects Drupal’s contributed Current Search Links module (7.x-1.x) before 7.x-1.1. The vulnerability arises when the option "Append the keywords passed by the user to the list" is disabled, leaving the module unable to adequately sanitize the user’s search query. This allows remote ...
Current Search Links - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-091
Current Search Links module is an extension to the Facet API Current Search Blocks module. Instead of just showing the current search it turns the current search keywords into links that you can drop from the search. The module doesn't sufficiently sanitize the entered search query, thereby...