MidnightBSD

Advisories for xapian

CVE-2009-2947 MEDIUM

Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xapian omega 0.9.9
xapian omega 0.8.3
xapian omega 1.0.12
xapian omega 1.0.9
xapian omega 0.9.4
xapian omega 0.9.8
xapian omega 0.8.1
xapian omega 0.9.6
xapian omega 1.0.6
xapian omega 0.8.5
xapian omega 1.0.4
xapian omega 1.0.10
xapian omega 0.9.7
xapian omega 1.0.8
xapian omega 0.8.2
xapian omega 0.9.10
xapian omega 0.8.4
xapian omega 0.9.2
xapian omega 1.0.2
xapian omega 0.9.3
xapian omega 1.0.0
xapian omega *
xapian omega 0.8.0
xapian omega 0.9.5
xapian omega 1.0.3
xapian omega 1.0.7
xapian omega 0.9.1
xapian omega 1.0.14
xapian omega 1.0.11
xapian omega 0.9.0
xapian omega 1.0.5
xapian omega 1.0.13
CVE-2018-0499 MEDIUM

A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xapian xapian-core *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 17.10