1 min read

Critical XSS Vulnerability on Search API Pages in Drupal 7

The Drupal security team has posted CRITICAL cross-site scripting (XSS) vulnerability on Search API pages (SA-CONTRIB-2021-046), dated December 8th, 2021. The Search API pages module enables you to create simple search pages based on Search API without the use of Views. The module doesn’t sufficiently escape all variables provided for custom templates.

This vulnerability is mitigated by the fact that the default template provided by the module is not affected.

Solution

Install the latest version: If you use the Search API Pages module for Drupal 7.x, upgrade to Search API Pages 7.x-1.6.

Source: Drupal.org

You May Like
Interview
Oaisys 25 Is Almost Here; Vidit Anjaria Has the Inside Story

Oaisys 25 Is Almost Here; Vidit Anjaria Has the Inside Story
Interview
Oaisys 25 Is Almost Here; Vidit Anjaria Has the Inside Story

Oaisys 25 Is Almost Here; Vidit Anjaria Has the Inside Story

ASK: Drupal Community Needs Your Support

View all →
XSS
Drupal 7
Search API

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please reach out to us at #thedroptimes channel on Drupal Slack and we will try to address the issue as best we can.

You may also like

You May Like
Article
Studio Umi Reflects on DrupalCon Nara 2025: A Milestone Moment for Japan’s Drupal Community

Studio Umi Reflects on DrupalCon Nara 2025: A Milestone Moment for Japan’s Drupal Community
Build site with Drupal

Featured

Latest News

Upcoming Events

View All Events

Latest Opportunities