FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xapian-omega -- cross-site scripting vulnerability

Affected packages
xapian-omega < 1.0.16

Details

VuXML ID b46f3a1e-a052-11de-a649-000c2955660f
Discovery 2009-09-09
Entry 2009-09-13

Olly Betts reports:

There's a cross-site scripting issue in Omega - exception messages don't currently get HTML entities escaped, but can contain CGI parameter values in some cases.

References

CVE Name CVE-2009-2947
URL http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html