Your submission was sent successfully! Close

CVE-2018-0499

Published: 2 July 2018

A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().

Notes

AuthorNote
leosilva
versions precise/esm, trusty and xenial are not affected
second upstream msg "1.2.x doesn't have this method, so isn't vulnerable".
Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
xapian-core
Launchpad, Ubuntu, Debian
artful
Released (1.4.4-2ubuntu0.1)
bionic
Released (1.4.5-1ubuntu0.1)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream
Released (1.4.6-1)
xenial Not vulnerable
(code not present)