CVE-2009-2947

medium

Description

Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages.

References

http://www.securityfocus.com/bid/36317

http://www.debian.org/security/2009/dsa-1882

http://svn.xapian.org/%2Acheckout%2A/tags/1.0.16/xapian-applications/omega/NEWS

http://secunia.com/advisories/36693

http://secunia.com/advisories/36674

http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html

Details

Source: Mitre, NVD

Published: 2009-09-14

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N