Thomas Seidl

**Name of the Vulnerable Software and Affected Versions** Drupal Facets versions 0.0.0 through 2.0.9 Drupal Facets versions 3.0.0 through 3.0.0 **Description** A missing authorization issue exists in Drupal Facets, potentially allowing forceful browsing. The issue relates to insufficient access controls. **Recommendations** Update Drupal Facets to version 2.0.10 or later. Update Drupal Facets to version 3.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal Facets versions prior to 2.0.10 Drupal Facets versions prior to 3.0.1 **Description** A flaw exists in Drupal Facets that allows for Cross-Site Scripting (XSS). This occurs due to improper neutralization of input during web page generation. The issue impacts the way data is handled, potentially allowing malicious scripts to be injected into web pages. **Recommendations** Update Drupal Facets to version 2.0.10 or later. Update Drupal Facets to version 3.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal Search API Solr versions 0.0.0 through 4.3.8 **Description** A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed. This issue can be exploited to perform actions on behalf of another user without their knowledge or consent. **Recommendations** For versions 0.0.0 through 4.3.8, update to version 4.3.9 or later to resolve the issue.