Search404 - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2017-008
The Search 404 module enables you to redirect 404 pages to a search page on the site for the keywords in the URL that was not found.
The module did not filter administrator-provided text before displaying it to the user on the 404 page, creating a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer search".
- Search404 versions prior to 1.x-1.1.2