ezsystems/ezfind-ls is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused due to the lack of proper sanitization of the $search_extras.spellcheck_collation
variable in the βDid you meanβ¦?β spell check/search suggestion feature. This may lead to unauthorized code execution, compromising user sessions and enabling various malicious actions by attackers.