Reflected XSS on Search page of PrestaShop

@@ -24,6 +24,47 @@ International Registered Trademark & Property of PrestaShop SA
 Release Notes for PrestaShop 1.7
 --------------------------------
 
+####################################
+#   v1.7.6.5 - (2020-04-17)
+####################################
+- Back Office:
+  - Bug fix:
+    - #18637: Fix sidebar not displayed in BO Add employee page (by @Progi1984)
+    - #18607: Fix wrong number of "Last emails" in BO - Customer View page (by @PululuK)
+    - #17920: Wrong redirection when using the quick search for a category (by @PululuK)
+    - #18064: Fix error when trying to translate Serbian using the BO interface (by @eternoendless)
+- Front Office:
+  - Bug fix:
+    - #18633: Convert cart rule value when order currency is different (by @sowbiba)
+    - #18493: Change product redirection rules to redirect to valid attribute url (by @jolelievre)
+    - #18103: Duplicate address when submitting a form with errors (by @PierreRambaud)
+- Core:
+  - Improvement:
+    - #18638: Update version to 1.7.6.5 (by @PierreRambaud)
+  - Bug fix:
+    - #GHSA-cvjj-grfv-f56w - Improper access control on product page with combinations, attachments and specific prices (by @PierreRambaud)
+    - #GHSA-4wxg-33h3-3w5r - Improper access control on product attributes page (by @PierreRambaud)
+    - #GHSA-r6rp-6gv6-r9hq - Improper access control on customers search (by @PierreRambaud)
+    - #GHSA-74vp-ww64-w2gm - Improper Access Control (by @PierreRambaud)
+    - #GHSA-98j8-hvjv-x47j - Reflected XSS related in import page (by @PierreRambaud)
+    - #GHSA-j3r6-33hf-m8wh - Reflected XSS with back parameter (by @PierreRambaud)
+    - #GHSA-mrpj-67mq-3fr5 - Reflected XSS on Exception page (by @PierreRambaud)
+    - #GHSA-q6pr-42v5-v97q - Reflected XSS on AdminCarts page (by @PierreRambaud)
+    - #GHSA-rpg3-f23r-jmqv - Reflected XSS on Search page (by @PierreRambaud)
+    - #GHSA-m2x6-c2c6-pjrx - Reflected XSS with dashboard calendar (by @PierreRambaud)
+    - #GHSA-375w-q56h-h7qc - Open redirection when using back parameter (by @PierreRambaud)
+    - #GHSA-87jh-7xpg-6v93 - Reflected XSS on AdminFeatures page (by @PierreRambaud)
+    - #GHSA-7fmr-5vcc-329j - Reflected XSS on AdminAttributesGroups page (by @PierreRambaud)
+    - #GHSA-48vj-vvr6-jj4f - Reflected XSS in security compromised page (by @PierreRambaud)
+
+- Installer:
+  - Bug fix:
+    - #18491: Installation under CLI doesn't take BASE_URI and Apache rewrite in consideration (by @PierreRambaud)
+    - #18451: Use scandir instead of readdir to get sorted entities (by @PierreRambaud)
+- Tests:
+  - Bug fix:
+    - #18309: Change test fixtures that need to be in the future (by @jolelievre)
+
 ####################################
 #   v1.7.6.4 - (2020-03-02)
 ####################################

@@ -391,11 +391,11 @@ public function processSave()
             $this->errors[] = $this->trans('Aliases and results are both required.', array(), 'Admin.Shopparameters.Notification');
         }
         if (!Validate::isValidSearch($search)) {
-            $this->errors[] = $search . ' ' . $this->trans('Is not a valid result', array(), 'Admin.Shopparameters.Notification');
+            $this->errors[] = Tools::safeOutput($search) . ' ' . $this->trans('Is not a valid result', array(), 'Admin.Shopparameters.Notification');
         }
         foreach ($aliases as $alias) {
             if (!Validate::isValidSearch($alias)) {
-                $this->errors[] = $alias . ' ' . $this->trans('Is not a valid alias', array(), 'Admin.Shopparameters.Notification');
+                $this->errors[] = Tools::safeOutput($alias) . ' ' . $this->trans('Is not a valid alias', array(), 'Admin.Shopparameters.Notification');
             }
         }