{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-09-14T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "36317", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36317"}, {"name": "36693", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36693"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.xapian.org/%2Acheckout%2A/tags/1.0.16/xapian-applications/omega/NEWS"}, {"name": "[xapian-discuss] 20090909 Cross-site scripting issue in Omega", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html"}, {"name": "36674", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36674"}, {"name": "DSA-1882", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1882"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2009-2947", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36317", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36317"}, {"name": "36693", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36693"}, {"name": "http://svn.xapian.org/*checkout*/tags/1.0.16/xapian-applications/omega/NEWS", "refsource": "CONFIRM", "url": "http://svn.xapian.org/*checkout*/tags/1.0.16/xapian-applications/omega/NEWS"}, {"name": "[xapian-discuss] 20090909 Cross-site scripting issue in Omega", "refsource": "MLIST", "url": "http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html"}, {"name": "36674", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36674"}, {"name": "DSA-1882", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1882"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:07:37.339Z"}, "title": "CVE Program Container", "references": [{"name": "36317", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36317"}, {"name": "36693", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36693"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.xapian.org/%2Acheckout%2A/tags/1.0.16/xapian-applications/omega/NEWS"}, {"name": "[xapian-discuss] 20090909 Cross-site scripting issue in Omega", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html"}, {"name": "36674", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36674"}, {"name": "DSA-1882", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1882"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2947", "datePublished": "2009-09-14T16:00:00Z", "dateReserved": "2009-08-23T00:00:00Z", "dateUpdated": "2024-09-16T16:43:31.029Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xapian:omega:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5B32B09-2211-446C-9605-50E5D2A647CF", "versionEndIncluding": "1.0.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE0DDC19-0F30-4974-918A-C30C86ABFA3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "CBED9111-D09D-4216-85AC-DEE45FA3F7F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B4A52A7C-45E2-4EBD-8F0D-3689EB2D5E15", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "FE37440F-00ED-4CE5-83F8-6E37FD6BDAAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "B0F73199-1EA7-46DF-8B2E-AA14D85A1DCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "A8902A27-A219-46FA-9A8A-3E946A253EBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C83D2F-C7B0-4010-9C17-FE5F813C07B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC0E29D0-A8A9-4859-8B96-46BC77474EC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "625F72A9-33B2-4599-BB85-307BB0E1A70C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "586A4BFF-EE02-446D-813D-4047CAB76691", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "5DB61F8E-5796-42C5-BC33-F1DD0177CFB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "C7E31076-63C4-402C-9DB4-67A466722B4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "3DE12CF1-0D72-48B4-B775-1E504F27E4DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "9BB55590-D2E5-4D22-A3BB-0A2D33C584AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D5EE25F-10A4-41EE-8E28-2C9CBD4736BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "6B3321D2-77C1-4592-8CD0-3E7C52F7F107", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "C27123FE-9348-48A1-9678-A31548CA21EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BBA3DE2E-FECC-4775-A4C7-FA88FB474EEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "80B31509-3028-498C-8FF3-B93F1F33BDD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB2C533D-ED06-4676-A8F3-BA664CB107A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "CF912E95-618D-439B-8231-CD45C5966CE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A89463B-AD9B-4B61-9BFF-F003470E8D6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0C1E5EE7-A605-4D0A-BC1C-A6F42BDA39C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C6DA8916-91BE-4C3E-83FD-2471BDE93BA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E982B22A-3368-4FD7-BD4D-A7A1E3F2DEBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "458012D3-B354-4984-BAC1-E8810EF73432", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "2B66D8A5-8CF6-4752-AD21-CCB32780286B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A3EE2CF9-5C0E-4291-A694-C0D327415730", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "E6FB0460-C0C2-4A72-A575-F3DAD299EE6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "3B462D97-AD4D-4F0E-865D-D2D879ADC177", "vulnerable": true}, {"criteria": "cpe:2.3:a:xapian:omega:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "0EEA96B4-838C-4137-B5A3-736DD618B3CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Xapian Omega v1.0.16, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de valores no especificados en el par\u00e1metro CGI, que en ocasiones es incluido en los mensajes de excepci\u00f3n."}], "id": "CVE-2009-2947", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-09-14T16:30:00.500", "references": [{"source": "[email protected]", "url": "http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36674"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36693"}, {"source": "[email protected]", "url": "http://svn.xapian.org/%2Acheckout%2A/tags/1.0.16/xapian-applications/omega/NEWS"}, {"source": "[email protected]", "url": "http://www.debian.org/security/2009/dsa-1882"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/36317"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36674"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.xapian.org/%2Acheckout%2A/tags/1.0.16/xapian-applications/omega/NEWS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1882"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36317"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}

{}