CVE-2018-0499

MEDIUM6.1EPSS 0.37%

xapian-core Cross-site Scripting vulnerability

發布日:2022/5/14修改日:2025/12/3

也稱為:GHSA-7qw4-w7hf-22q3ALPINE-CVE-2018-0499DEBIAN-CVE-2018-0499

描述

A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().

受影響套件(3)

Alpine/xapian-corefrom 0, < 1.4.6-r0
Debian/xapian-corefrom 0, < 1.4.6-1
RubyGems/xapian-corefrom 0, < 1.4.6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-0499
ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-0499
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-0499
WEBhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/xapian-core/CVE-2018-0499.yml
WEBhttps://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
WEBhttps://trac.xapian.org/wiki/SecurityFixes/2018-07-02
WEBhttps://usn.ubuntu.com/3709-1