In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments.
                
            Metrics
Affected Vendors & Products
References
        | Link | Providers | 
|---|---|
| https://www.drupal.org/sa-contrib-2018-070 |     | 
History
                    Tue, 17 Sep 2024 03:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Title | Search Autocomplete | Search Autocomplete | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: drupal
Published: 2019-01-15T22:00:00Z
Updated: 2024-09-17T02:57:47.547Z
Reserved: 2018-03-01T00:00:00
Link: CVE-2018-7603
 Vulnrichment
                        Vulnrichment
                    No data.
 NVD
                        NVD
                    Status : Modified
Published: 2019-01-15T22:29:00.297
Modified: 2024-11-21T04:12:26.150
Link: CVE-2018-7603
 Redhat
                        Redhat
                    No data.