Silva CMS SilvaFind 1.1.5 and earlier contain a flaw that allows remote cross site scripting.  SilvaFind is a Silva extension offering a highly customizable search solution for use with Silva.

Cross-site scripting occurs where the "fulltext" variable doesn't properly sanitize input upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

The vulnerability is reported in Silva Find version 1.1.5 and prior included in Silva prior to 2.1.0.2, 2.0.12.2, and 1.6.3.2.

References:

BID: 32183

CVE: Pending

OSVDB: 49659

SA: 32585

XF: 46427

Vendor Solution: Update to version 2.1.0.2, 2.0.12.2, or 1.6.3.2.