Lucene search
+L

221 matches found

Prion
Prion
added 2013/03/27 9:55 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in the admin view in the Search API searchapi module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name...

2.1CVSS5.7AI score0.01064EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2013/03/27 9:55 p.m.3 views

CVE-2013-0181

Cross-site scripting XSS vulnerability in Views in the Search API searchapi module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message...

2.6CVSS5.8AI score0.0135EPSS
Exploits0References9
Prion
Prion
added 2013/03/27 9:55 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in Views in the Search API searchapi module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message...

2.6CVSS6.2AI score0.0135EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2013/03/27 9:0 p.m.32 views

CVE-2013-2715

CVE-2013-2715 describes a Cross-site scripting (XSS) vulnerability in Drupal’s admin view of the Search API (search_api) module, affecting the 7.x-1.x line prior to 7.x-1.4 . The issue allows remote authenticated users with certain permissions to inject arbitrary web script/HTML via a crafted fie...

2.1CVSS5.4AI score0.01064EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2013/03/27 9:0 p.m.37 views

CVE-2013-0181

The CVE-2013-0181 issue is a Cross-site scripting (XSS) vulnerability in the Drupal Search API module (7.x-1.x) for Drupal 7.x, caused by insufficient sanitization of input in error messages surfaced when using certain backends and facets. Affected component is the Views integration within Search...

2.6CVSS6AI score0.0135EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2013/03/27 9:0 p.m.24 views

CVE-2013-0181

Cross-site scripting XSS vulnerability in Views in the Search API searchapi module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message...

5.8AI score0.0135EPSS
Exploits0References8
Cvelist
Cvelist
added 2013/03/27 9:0 p.m.21 views

CVE-2013-2715

Cross-site scripting XSS vulnerability in the admin view in the Search API searchapi module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name...

5.3AI score0.01064EPSS
Exploits0References7
Prion
Prion
added 2013/03/19 2:55 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels...

2.1CVSS5.7AI score0.00941EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2013/03/19 2:0 p.m.46 views

CVE-2013-0227

The CVE-2013-0227 entry involves Drupal's Search API Sorts module (7.x-1.x) with a XSS vulnerability caused by insufficient filtering of user-entered text in field labels. Affects Drupal 7.x, versions prior to 7.x-1.4. Impact: remote authenticated users with certain roles can inject arbitrary Jav...

2.1CVSS5.5AI score0.00941EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2013/03/19 2:0 p.m.21 views

CVE-2013-0227

Cross-site scripting XSS vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels...

5.4AI score0.00941EPSS
Exploits0References4
Drupal
Drupal
added 2013/01/23 12:0 a.m.21 views

SA-CONTRIB-2013-010 - Search API sorts - Cross Site Scripting (XSS)

This module enables you to sort by Search API facets. The module doesn't sufficiently filter user entered text in field labels. This vulnerability is mitigated by the fact that an attacker must have a role with the ability to modify field labels such as "administer taxonomy". CVE identifiers issu...

2.1CVSS6.3AI score0.00941EPSS
Exploits0References9
Drupal
Drupal
added 2013/01/09 12:0 a.m.22 views

SA-CONTRIB-2013-001 - Search API - Cross Site Scripting

This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently sanitize user input when displaying errors in a view with certain backends, including the database backend. This enables attackers to create a Reflected Cross Site...

2.6CVSS5.5AI score0.0135EPSS
Exploits0References11
Prion
Prion
added 2012/12/03 9:55 p.m.17 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable a server via a server action or 2 enable a search index via an enable index action...

6.8CVSS7.7AI score0.00636EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2012/12/03 9:0 p.m.50 views

CVE-2012-5547

CVE-2012-5547 concerns the Drupal contributed Search API module (7.x-1.x) vulnerable to Cross-Site Request Forgery (CSRF) before version 7.x-1.3. The flaw allows remote attackers to hijack administrator sessions to perform actions such as enabling a server via a server action or enabling a search...

6.8CVSS7.4AI score0.00636EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/12/03 9:0 p.m.23 views

CVE-2012-5547

Multiple cross-site request forgery CSRF vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable a server via a server action or 2 enable a search index via an enable index action...

7.2AI score0.00636EPSS
Exploits0References3
Drupal
Drupal
added 2012/10/17 12:0 a.m.21 views

SA-CONTRIB-2012-156 - Search API - Cross Site Request Forgery (CSRF)

This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently guard the “enable index” action against Cross Site Request Forgery CSRF attacks which could allow an attacker to enable existing search indexes on your site. This...

6.8CVSS6.5AI score0.00636EPSS
Exploits0References8
Prion
Prion
added 2012/06/27 12:55 a.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors...

2.6CVSS6.1AI score0.02155EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2012/06/27 12:0 a.m.45 views

CVE-2012-2712

CVE-2012-2712 affects Drupal’s Search API module (7.x-1.x) up to version 7.x-1.1. The issue is a failure to sufficiently sanitize user input when throwing exceptions or logging errors, enabling remote attackers to inject arbitrary scripts via crafted URLs. Impact is cross-site scripting (XSS) in ...

2.6CVSS5.8AI score0.02155EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2012/06/27 12:0 a.m.24 views

CVE-2012-2712

Multiple cross-site scripting XSS vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors...

5.8AI score0.02155EPSS
Exploits1References8
Drupal
Drupal
added 2012/05/23 12:0 a.m.18 views

SA-CONTRIB-2012-084 - Search API - Cross Site Scripting (XSS)

CVE: CVE-2012-2712 This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently sanitize user input in some cases when throwing exceptions or logging errors. This enables attackers to insert arbitrary data into a page by...

2.6CVSS6.3AI score0.02155EPSS
Exploits1References11
Rows per page
Query Builder