GHSA-xgfm-fjx6-62mj: 
Python vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in readthedocs-sphinx-search versions 0.3.1 and earlier. The vulnerability, identified as GHSA-xgfm-fjx6-62mj, was published on January 15, 2024, and affects the pip package readthedocs-sphinx-search. The issue stems from the search client not properly escaping user content from search results (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 score of 6.3 (Moderate severity) with the following metrics: Network attack vector, Low attack complexity, Low privileges required, User interaction required, Unchanged scope, High confidentiality impact, Low integrity impact, and No availability impact. The vulnerability is classified under CWE-79, relating to cross-site scripting (GitHub Advisory).

This vulnerability could allow an attacker to include arbitrary HTML content in search results by having a user search a malicious project. The impact primarily affects the confidentiality and integrity of the system, with high confidentiality impact and low integrity impact (GitHub Advisory).

The vulnerability has been patched in version 0.3.2 of readthedocs-sphinx-search. Users are advised to update to this version and trigger a new build to mitigate the vulnerability (GitHub Advisory).