Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-7603

In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2018-7603


Contact Us

Shodan ® - All rights reserved