xapian-core: Cross-site-scripting in queryparser/termgenerator_internal.cc (CVE-2018-0499)
A cross-site scripting vulnerability was found in
queryparser/termgenerator_internal.cc in Xapian xapian-core
before 1.4.6 due to incomplete HTML escaping by Xapian::MSet::snippet().
Fixed In Version:
xapian-core 1.4.6
References:
https://trac.xapian.org/wiki/SecurityFixes/2018-07-02
https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
(from redmine: issue id 9105, created on 2018-07-17, closed on 2019-05-04)
- Relations:
- copied_to #9106 (closed)
- copied_to #9107 (closed)
- child #9106 (closed)
- child #9107 (closed)