Incomplete HTML Escaping in Xapian::MSet::snippet() Leads to Cross-Site Scripting Vulnerability

Incomplete HTML Escaping in Xapian::MSet::snippet() Leads to Cross-Site Scripting Vulnerability

CVE-2018-0499 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().

Learn more about our Api Penetration Testing.