CVE-2009-2947 Information

Description

Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values which are sometimes included in exception messages.

Reference

http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html http://secunia.com/advisories/36674 http://secunia.com/advisories/36693 http://svn.xapian.org/checkout/tags/1.0.16/xapian-applications/omega/NEWS http://www.debian.org/security/2009/dsa-1882 http://www.securityfocus.com/bid/36317