CVE-2015-6752
Summary: CVE-2015-6752 is a cross-site scripting (XSS) vulnerability in Drupal’s Search API Autocomplete module (7.x-1.x, prior to 7.x-1.3). The issue arises when the search index uses the HTML filter processor, allowing remote authenticated users with certain permissions to inject arbitrary web ...