1 min read

Critical XSS Vulnerability on Search API Pages in Drupal 7

Comment

The Drupal security team has posted CRITICAL cross-site scripting (XSS) vulnerability on Search API pages (SA-CONTRIB-2021-046), dated December 8th, 2021. The Search API pages module enables you to create simple search pages based on Search API without the use of Views. The module doesn’t sufficiently escape all variables provided for custom templates.

This vulnerability is mitigated by the fact that the default template provided by the module is not affected.

Solution

Install the latest version: If you use the Search API Pages module for Drupal 7.x, upgrade to Search API Pages 7.x-1.6.

Source: Drupal.org

Click here to follow us on LinkedIn
Comment
You May Like

Article

Anvil, Level 27, and 3Sign Announced as Sponsors for DrupalCamp Belgium

Anvil, Level 27, and 3Sign Announced as Sponsors for DrupalCamp Belgium

Article

Anvil, Level 27, and 3Sign Announced as Sponsors for DrupalCamp Belgium

Anvil, Level 27, and 3Sign Announced as Sponsors for DrupalCamp Belgium

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.

XSS
Drupal 7
Search API
Advertisement Here

Comments

You may also like

You May Like

Article

New Drupal Module Developer Guide Launched by Drupalize.Me

New Drupal Module Developer Guide Launched by Drupalize.Me

Featured

Related

Latest News

Upcoming Events

View All Events

Latest Opportunities

Advertisement Here

Call for Support