A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().
References
Link | Resource |
---|---|
https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html | Mailing List Vendor Advisory |
https://trac.xapian.org/wiki/SecurityFixes/2018-07-02 | Patch Vendor Advisory |
https://usn.ubuntu.com/3709-1/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: debian
Published: 2018-07-02T12:00:00
Updated: 2018-07-11T09:57:01
Reserved: 2017-11-27T00:00:00
Link: CVE-2018-0499
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-07-02T12:29:00.220
Modified: 2018-08-28T17:46:35.233
Link: CVE-2018-0499
JSON object: View
Redhat Information
No data.
CWE