DSA-1882 xapian-omega -- missing input sanitization
ID: oval:org.mitre.oval:def:7752 | Date: (C)2009-12-15 (M)2023-11-13 |
Class: PATCH | Family: unix |
It was discovered that xapian-omega, a CGI interface for searching Xapian databases, does not properly escape user-supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries that trigger an exception, and steal potentially sensitive data from web applications that run on the same domain or embed the search engine in a website.
Platform: |
Debian 5.0 |
Debian 4.0 |