CVE-2013-0181

Name of the Vulnerable Software and Affected Versions Drupal search api module versions 7.x-1.x before 7.x-1.4

Description A cross-site scripting (XSS) issue exists in the Search API module for Drupal. This occurs when using certain backends and facets, allowing remote attackers to inject arbitrary web script or HTML via unspecified input. The malicious input is returned in an error message.

Recommendations For versions prior to 7.x-1.4, update to version 7.x-1.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of certain backends and facets in the search api module until a patch is applied.