Incomplete HTML Escaping in Xapian::MSet::snippet() Leads to Cross-Site Scripting Vulnerability
CVE-2018-0499 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().
Learn more about our Api Penetration Testing.