Drupal · Wp Autocomplete Search · CVE-2018-7603
Name of the Vulnerable Software and Affected Versions:
Search Autocomplete module versions prior to 7.x-4.8
Description:
The module does not sufficiently filter user-entered text in autocompletion items, which leads to a cross-site scripting (XSS) vulnerability. It can be exploited by any user who is allowed to create one of the autocompletion items, such as nodes, users, or comments.
Recommendations:
For versions prior to 7.x-4.8, update to version 7.x-4.8 or later to resolve the issue. As a temporary workaround, consider restricting who may create autocompletion items, such as nodes, users, or comments, to reduce the risk of exploitation.
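
The filtering gap described above, shown as an added example (not the Search Autocomplete module's code): a suggestion renderer that encodes user-created labels at output time, beside the unsafe concatenation pattern. The function names, item shape and sample labels are hypothetical and constructed for illustration.

```javascript
// Added illustration, not the Search Autocomplete module's code.
// escapeHtml, highlight, renderSuggestions and the item shape are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Bold the first case-insensitive match of the typed query. The raw label is
// split first and each piece is escaped separately, so the only markup in the
// result is the <strong> pair added here.
function highlight(label, query) {
  const text = String(label);
  const needle = String(query || '');
  const at = needle ? text.toLowerCase().indexOf(needle.toLowerCase()) : -1;
  if (at < 0) return escapeHtml(text);
  const end = at + needle.length;
  return escapeHtml(text.slice(0, at)) +
    '<strong>' + escapeHtml(text.slice(at, end)) + '</strong>' +
    escapeHtml(text.slice(end));
}

// Unsafe pattern, for comparison: the stored label is concatenated as markup.
function renderSuggestionsUnsafe(items) {
  return '<ul>' + items.map((i) => '<li>' + i.label + '</li>').join('') + '</ul>';
}

// Hardened renderer: every label is encoded when it is written into the list.
function renderSuggestions(items, query) {
  return '<ul>' + items.map((i) => '<li>' + highlight(i.label, query) + '</li>').join('') + '</ul>';
}

// Constructed sample items of the kinds the advisory names (node, user, comment).
const SAMPLE_ITEMS = [
  { type: 'node', label: 'Release <img src=x onerror=constructed()> notes' },
  { type: 'user', label: 'Tom & "Jerry"' },
  { type: 'comment', label: 'release plan' },
];
```

Encoding at output time covers items that were stored before any input filter existed, which is why it complements the access restriction suggested as a workaround.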