221 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the admin view in the Search API searchapi module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name...
CVE-2013-0181
Cross-site scripting XSS vulnerability in Views in the Search API searchapi module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message...
Cross site scripting
Cross-site scripting XSS vulnerability in Views in the Search API searchapi module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message...
CVE-2013-2715
CVE-2013-2715 describes a Cross-site scripting (XSS) vulnerability in Drupal’s admin view of the Search API (search_api) module, affecting the 7.x-1.x line prior to 7.x-1.4 . The issue allows remote authenticated users with certain permissions to inject arbitrary web script/HTML via a crafted fie...
CVE-2013-0181
The CVE-2013-0181 issue is a Cross-site scripting (XSS) vulnerability in the Drupal Search API module (7.x-1.x) for Drupal 7.x, caused by insufficient sanitization of input in error messages surfaced when using certain backends and facets. Affected component is the Views integration within Search...
CVE-2013-0181
Cross-site scripting XSS vulnerability in Views in the Search API searchapi module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message...
CVE-2013-2715
Cross-site scripting XSS vulnerability in the admin view in the Search API searchapi module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name...
Cross site scripting
Cross-site scripting XSS vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels...
CVE-2013-0227
The CVE-2013-0227 entry involves Drupal's Search API Sorts module (7.x-1.x) with a XSS vulnerability caused by insufficient filtering of user-entered text in field labels. Affects Drupal 7.x, versions prior to 7.x-1.4. Impact: remote authenticated users with certain roles can inject arbitrary Jav...
CVE-2013-0227
Cross-site scripting XSS vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels...
SA-CONTRIB-2013-010 - Search API sorts - Cross Site Scripting (XSS)
This module enables you to sort by Search API facets. The module doesn't sufficiently filter user entered text in field labels. This vulnerability is mitigated by the fact that an attacker must have a role with the ability to modify field labels such as "administer taxonomy". CVE identifiers issu...
SA-CONTRIB-2013-001 - Search API - Cross Site Scripting
This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently sanitize user input when displaying errors in a view with certain backends, including the database backend. This enables attackers to create a Reflected Cross Site...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable a server via a server action or 2 enable a search index via an enable index action...
CVE-2012-5547
CVE-2012-5547 concerns the Drupal contributed Search API module (7.x-1.x) vulnerable to Cross-Site Request Forgery (CSRF) before version 7.x-1.3. The flaw allows remote attackers to hijack administrator sessions to perform actions such as enabling a server via a server action or enabling a search...
CVE-2012-5547
Multiple cross-site request forgery CSRF vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable a server via a server action or 2 enable a search index via an enable index action...
SA-CONTRIB-2012-156 - Search API - Cross Site Request Forgery (CSRF)
This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently guard the “enable index” action against Cross Site Request Forgery CSRF attacks which could allow an attacker to enable existing search indexes on your site. This...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors...
CVE-2012-2712
CVE-2012-2712 affects Drupal’s Search API module (7.x-1.x) up to version 7.x-1.1. The issue is a failure to sufficiently sanitize user input when throwing exceptions or logging errors, enabling remote attackers to inject arbitrary scripts via crafted URLs. Impact is cross-site scripting (XSS) in ...
CVE-2012-2712
Multiple cross-site scripting XSS vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors...
SA-CONTRIB-2012-084 - Search API - Cross Site Scripting (XSS)
CVE: CVE-2012-2712 This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently sanitize user input in some cases when throwing exceptions or logging errors. This enables attackers to insert arbitrary data into a page by...