Unrated severityNVD Advisory· Published Mar 27, 2013· Updated Apr 29, 2026
CVE-2013-0181
CVE-2013-0181
Description
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
Affected products
16cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta10:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta9:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:thomas_seidl:search_api:7.x-1.x:dev:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- drupal.org/node/1884076nvdPatch
- drupal.org/node/1884332nvdPatchVendor Advisory
- drupalcode.org/project/search_api.git/commitdiff/35b5728nvd
- osvdb.org/89117nvd
- secunia.com/advisories/51806nvd
- www.openwall.com/lists/oss-security/2013/01/15/3nvd
- www.securityfocus.com/bid/57231nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/81153nvd
News mentions
0No linked articles in our index yet.