CVE-2015-6752

Name of the Vulnerable Software and Affected Versions Drupal Search API Autocomplete module versions 7.x-1.x before 7.x-1.3

Description A cross-site scripting (XSS) issue exists in the Search API Autocomplete module for Drupal. This occurs when the search index is configured to use the HTML filter processor, allowing remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. The returned suggestions do not properly handle these injections.

Recommendations For versions prior to 7.x-1.3, update to version 7.x-1.3 or later to resolve the issue.