ALT-PU-2020-1561-1
Package xapian-core updated to version 1.4.15-alt1 for branch sisyphus in task 248304.
Closed vulnerabilities
Published: 2018-07-02
BDU:2019-00444
Уязвимость функции Xapian::MSet::snippet() библиотеки для полнотекстового поиска Xapian (xapian-core), позволяющая нарушителю осуществить межсайтовое выполнение сценариев
Severity: MEDIUM (6.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
References:
Published: 2018-07-02
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-0499
A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
- https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
- https://trac.xapian.org/wiki/SecurityFixes/2018-07-02
- https://usn.ubuntu.com/3709-1/
- https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
- https://trac.xapian.org/wiki/SecurityFixes/2018-07-02
- https://usn.ubuntu.com/3709-1/