CVE-2012-2712

Drupal Search API <7.x-1.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors.

References (8)

Scores

EPSS 0.0053
EPSS Percentile 66.9%

Classification

CWE
CWE-79
Status published

Affected Products (14)

thomas_seidl/search_api
thomas_seidl/search_api
thomas_seidl/search_api
thomas_seidl/search_api
thomas_seidl/search_api
thomas_seidl/search_api
thomas_seidl/search_api
thomas_seidl/search_api
thomas_seidl/search_api
thomas_seidl/search_api
thomas_seidl/search_api
thomas_seidl/search_api
thomas_seidl/search_api
n/a/n/a

Timeline

Published Jun 27, 2012
Tracked Since Feb 18, 2026