CVE-2009-2947
Published: 14 September 2009
Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages.
Priority
Status
Package | Release | Status |
---|---|---|
xapian-omega Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Released
(1.0.7-3ubuntu1.1)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
(1.0.17-1)
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
upstream |
Released
(1.0.16)
|
|
Patches: vendor: http://snapshot.debian.org/package/xapian-omega/1.0.7-3%2Blenny1/ debdiff: https://bugs.edge.launchpad.net/bugs/601160 |