Moderate severityNVD Advisory· Published Jul 2, 2018· Updated Aug 5, 2024

CVE-2018-0499

Description

A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
xapian-coreRubyGems	< 1.4.6	1.4.6

Affected products

N/A/Xapian Xapian Core Before 1.4.6v5
Range: Xapian xapian-core before 1.4.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-7qw4-w7hf-22q3ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2018-0499ghsaADVISORY
usn.ubuntu.com/3709-1/mitrevendor-advisoryx_refsource_UBUNTU
github.com/rubysec/ruby-advisory-db/blob/master/gems/xapian-core/CVE-2018-0499.ymlghsaWEB
lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.htmlghsax_refsource_CONFIRMWEB
trac.xapian.org/wiki/SecurityFixes/2018-07-02ghsax_refsource_CONFIRMWEB
usn.ubuntu.com/3709-1ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000