Drupal Search Flagged In Site Scan

A Drupal site I was working on was scanned using security tools and the search (built-in Drupal search) was flagged for possible threats for SQL injections based on the text the scan tool was able to submit via the search.  I was wondering if this had been flagged for anyone else and if the text submitted into the search is already being sanitized properly and this finding would be ruled a false-positive.  Just want to be sure if additional filtering is needed on search submissions.

Drupal version: 

Source: https://www.drupal.org/taxonomy/term/22/feed