CVE-2018-0499

medium

Description

A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().

References

https://usn.ubuntu.com/3709-1/

https://trac.xapian.org/wiki/SecurityFixes/2018-07-02

https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html

Details

Source: Mitre, NVD

Published: 2018-07-02

Updated: 2018-08-28

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N