Debian Security Advisory 1882-1 - It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website.
22225bc789297b6ae05b63cb9307569e0036a8f82d2fad3417050d3a1278810d