Package xapian-core updated to version 1.4.15-alt1 for branch p9 in task 258827.

Published: 2018-07-02

BDU:2019-00444

Уязвимость функции Xapian::MSet::snippet() библиотеки для полнотекстового поиска Xapian (xapian-core), позволяющая нарушителю осуществить межсайтовое выполнение сценариев

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2018-0499

Published: 2018-07-02
Modified: 2024-11-21

CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
https://trac.xapian.org/wiki/SecurityFixes/2018-07-02
https://trac.xapian.org/wiki/SecurityFixes/2018-07-02
USN-3709-1
USN-3709-1

Version: 2.1.0

Package xapian-core update in p9 on 2020-10-01

ALT-PU-2020-2911-1

Closed vulnerabilities

BDU:2019-00444

CVE-2018-0499