Search API Pages - Critical - Cross Site Scripting - SA-CONTRIB-2021-046

Project: Search API Pages
Date: 2021-December-08
Security risk: Critical 16∕25 
Vulnerability: Cross Site Scripting

Description

This module enables you to create simple search pages based on Search API without the use of Views.

The module doesn’t sufficiently escape all variables provided for custom templates.

This vulnerability is mitigated by the fact that the default template provided by the module is not affected.

Solution

Install the latest version:

If you use the Search API Pages module for Drupal 7.x, upgrade to Search API Pages 7.x-1.6