PT-2024-40221 · Ez Systems · Ez Find Extension
Published: 2024-05-15 · Updated: 2024-05-15
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
eZ Find extension (affected versions not specified)
Description:
The issue affects sites using the "Did you mean...?" spell check / search suggestion feature in the legacy eZ Find extension, which is vulnerable to Cross-site Scripting (XSS), specifically reflected XSS. The vulnerability can be exploited because user-supplied search input is reflected into the suggestion without sufficient escaping.
Recommendations:
To resolve the issue, install the update as soon as possible by using Composer to update to one of the resolving versions.
If you have custom search templates, update them to ensure that "search_extras.spellcheck_collation" is followed by the "wash" operator, like this: {$search_extras.spellcheck_collation|wash}.
As a temporary workaround, consider disabling the "Did you mean...?" spell check / search suggestion feature until the update is applied.
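The recommendation above comes down to two things: every output of the spellcheck collation in a search template must pass through the "wash" operator, and the operator's job is HTML escaping so reflected search input is rendered as text rather than markup. The following Python is an added illustration, not code from eZ Systems or the eZ Find extension: it models "wash" with the standard library's HTML escaper, renders a constructed suggestion with and without washing, and scans a constructed template excerpt for output statements of `$search_extras.spellcheck_collation` that lack `|wash`. The template excerpt, the sample search string and the `wash`/`render_did_you_mean`/`find_unwashed_collation` names are assumptions made for this example.

```python
import html
import re

# Constructed sample: a search string containing markup, of the kind that gets
# reflected into the "Did you mean...?" suggestion (illustrative only).
SAMPLE_COLLATION = "<script>alert('xss')</script>"

# Constructed excerpt in the style of an eZ Find search template (not the real
# template shipped with the extension). Line 4 outputs the collation unwashed;
# line 7 shows the corrected form from the advisory.
SAMPLE_TEMPLATE = """\
{* Constructed excerpt in the style of an eZ Find search template *}
{if $search_extras.spellcheck_collation}
<div class="spellcheck">
  Did you mean: {$search_extras.spellcheck_collation}?
</div>
{/if}
{$search_extras.spellcheck_collation|wash}
"""


def wash(value: str) -> str:
    """Model of the eZ template |wash operator (assumed here to be plain HTML
    escaping of text content): <, >, &, quotes become character references."""
    return html.escape(value, quote=True)


def render_did_you_mean(collation: str, washed: bool) -> str:
    """Render the suggestion the way a template would, with or without washing.

    Unwashed, the collation is inserted verbatim, so any markup in the search
    string becomes live HTML in the response (reflected XSS). Washed, it is
    rendered as inert text.
    """
    text = wash(collation) if washed else collation
    return f"<p>Did you mean: {text}?</p>"


# An output statement is "{$var" (an opening brace directly before the
# variable). References inside {if ...} or other control tags do not print
# the value and are therefore not flagged.
_UNWASHED_OUTPUT = re.compile(
    r"\{\$search_extras\.spellcheck_collation(?!\|wash\b)"
)


def find_unwashed_collation(template: str) -> list:
    """Return (line_number, stripped_line) for every template line that outputs
    $search_extras.spellcheck_collation without an immediately following |wash.

    Intended as a quick audit helper for custom search templates; a hit means
    the line needs the |wash operator added.
    """
    findings = []
    for lineno, line in enumerate(template.splitlines(), start=1):
        if _UNWASHED_OUTPUT.search(line):
            findings.append((lineno, line.strip()))
    return findings


if __name__ == "__main__":
    print("unwashed:", render_did_you_mean(SAMPLE_COLLATION, washed=False))
    print("washed:  ", render_did_you_mean(SAMPLE_COLLATION, washed=True))
    for lineno, line in find_unwashed_collation(SAMPLE_TEMPLATE):
        print(f"line {lineno} needs |wash: {line}")
```

The audit helper only catches the simple `{$search_extras.spellcheck_collation}` output form; a template that copies the collation into another variable first, or outputs it through a different operator chain, still needs a manual review of every place the value reaches HTML.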
Weakness Enumeration: XSS
Related Identifiers: (none listed)
Affected Products: Ez Find Extension