Search Autocomplete
CVE-2018-7603

6.1MEDIUM

Key Information:

Vendor: Drupal
Status: 3rd Party Module - Search Autocomplete
Vendor: CVE Published:; 15 January 2019

What is CVE-2018-7603?

In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

3rd party module - Search Autocomplete 7.x-4.x < 7.x-4.8

References

https://www.drupal.org/sa-contrib-2018-070

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2019
Vulnerability Reserved
Mar 1, 2018

Credit

Reported By: Simon Kapadia Fixed By: Dominique CLAUSE

JSON

Drupal