Drupal · Current Search Links · CVE-2015-4388
**Name of the Vulnerable Software and Affected Versions**
Drupal Current Search Links module versions 7.x-1.x before 7.x-1.1
**Description**
A cross-site scripting (XSS) issue exists in the Current Search Links module for Drupal. This occurs when the "Append the keywords passed by the user to the list" option is disabled, allowing remote attackers to inject arbitrary web script or HTML via a crafted search query.
**Recommendations**
For versions 7.x-1.x before 7.x-1.1, update to version 7.x-1.1 or later to resolve the issue.