- Search404 Versions prior to 1.x-1.1.2
The Search 404 module enables you to redirect 404 pages to a search page on the site for the keywords in the url that was not found.
The module did not filter administrator-provided text before displaying it to the user on the 404 page creating a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer search".
If you use the Search404 module for Backdrop CMS 1.x, upgrade to search 404 1.1.2.
- Geoff St Pierre of the Backdrop Security Team
- Sean Hamlin