Xapian · Xapian · CVE-2018-0499
**Name of the Vulnerable Software and Affected Versions**
Xapian xapian-core versions prior to 1.4.6
**Description**
The issue is insufficient protection of web page structure in the Xapian full-text search library. It is caused by incomplete HTML escaping by the `Xapian::MSet::snippet()` function in `queryparser/termgenerator_internal.cc`. This can allow a remote attacker to perform a cross-site scripting (XSS) attack.
**Recommendations**
For versions prior to 1.4.6, update to version 1.4.6 or later to resolve the issue.
As a temporary workaround, consider disabling the `Xapian::MSet::snippet()` function until a patch is available.
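Where snippets have to stay enabled until the update is applied, the string returned by `Xapian::MSet::snippet()` can be post-filtered before it is written into the page. The C++ below is an added example, not Xapian's code or its fix: `harden_snippet` and `snippet_is_clean` are hypothetical helpers, and the example assumes the incomplete escaping shows up as raw markup outside the highlight markers the caller passed as `hi_start` and `hi_end`.

```cpp
#include <string>

// Added example (hypothetical helper, not part of Xapian).
// Neutralises '<', '>' and quotes in snippet output unless they belong to the
// exact highlight markers the caller passed to Xapian::MSet::snippet().
// '&' is left alone so entities snippet() already produced are not double-escaped.
std::string harden_snippet(const std::string& out,
                           const std::string& hi_start,
                           const std::string& hi_end) {
    std::string safe;
    safe.reserve(out.size());
    bool in_highlight = false;
    size_t i = 0;
    while (i < out.size()) {
        // Only the marker expected next is accepted, so markers cannot nest.
        const std::string& marker = in_highlight ? hi_end : hi_start;
        if (!marker.empty() && out.compare(i, marker.size(), marker) == 0) {
            safe += marker;
            i += marker.size();
            in_highlight = !in_highlight;
            continue;
        }
        switch (out[i]) {
            case '<':  safe += "&lt;";   break;
            case '>':  safe += "&gt;";   break;
            case '"':  safe += "&quot;"; break;
            case '\'': safe += "&#39;";  break;
            default:   safe += out[i];
        }
        ++i;
    }
    if (in_highlight) safe += hi_end;  // close a highlight left open
    return safe;
}

// True when the snippet needed no changes; a false result is worth logging
// because it means unescaped markup reached the output.
bool snippet_is_clean(const std::string& out,
                      const std::string& hi_start,
                      const std::string& hi_end) {
    return harden_snippet(out, hi_start, hi_end) == out;
}
```

Text that itself contains the literal marker strings is passed through as a highlight, so the markers should be inert tags such as the `<b>` and `</b>` pair.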