CVE-2015-6752

 

Severity Score (CVSS v2): 2.1
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 0
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Authentication: Single
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-08-31 CVE Reserved
  • 2015-08-31 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor                           Product                  Version  Other   Status
Search Api Autocomplete Project  Search Api Autocomplete  7.x-1.0  drupal  Affected
Search Api Autocomplete Project  Search Api Autocomplete  7.x-1.1  drupal  Affected
Search Api Autocomplete Project  Search Api Autocomplete  7.x-1.2  drupal  Affected