A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libxapian-dev", "binary_version": "1.4.5-1ubuntu0.1" }, { "binary_name": "libxapian30", "binary_version": "1.4.5-1ubuntu0.1" }, { "binary_name": "xapian-examples", "binary_version": "1.4.5-1ubuntu0.1" }, { "binary_name": "xapian-tools", "binary_version": "1.4.5-1ubuntu0.1" } ] }