Simon Kapadia

Name of the Vulnerable Software and Affected Versions: Search Autocomplete module versions prior to 7.x-4.8 Description: The issue arises from insufficient filtering of user-entered text among autocompletion items, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion items, such as nodes, users, or comments. Recommendations: For versions prior to 7.x-4.8, update to version 7.x-4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to create autocompletion items, such as nodes, users, or comments, to minimize the risk of exploitation.