Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection.

Upstream commit: https://github.com/doxygen/doxygen/commit/1cc1adad2de03a0f013881b8960daf89aa155081

Created doxygen tracking bugs for this issue:

Affects: fedora-all [bug 1714191]

This issue has been fixed since doxygen version 1.8.12.
Upstream issue: https://bugzilla.gnome.org/show_bug.cgi?id=762934
Statement:

* This issue did not affect the versions of doxygen as shipped with Red Hat Enterprise Linux 5 and 6, as they did not include the vulnerable file search_opensearch.php.
* This issue did not affect the versions of doxygen as shipped with Red Hat Enterprise Linux 8, as they already include the patched code.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7
Via RHSA-2020:1034 https://access.redhat.com/errata/RHSA-2020:1034
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2016-10245
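The following inventory check is an added example, not code from doxygen or from this bug. It walks a web root for deployed copies of search_opensearch.php and compares the Doxygen generator tag in the neighbouring index.html against the 1.8.12 release named above. It assumes the PHP file sits next to index.html in the generated output; the directory names and sample tree are constructed.

```python
import os
import re
import tempfile

FIXED = (1, 8, 12)                # first fixed upstream release, per this bug
TARGET = "search_opensearch.php"  # file named in this bug
GENERATOR = re.compile(r'name="generator"\s+content="Doxygen\s+(\d+(?:\.\d+)*)"', re.I)


def generator_version(html_dir):
    """Return the Doxygen version recorded in index.html as a tuple, or None."""
    try:
        with open(os.path.join(html_dir, "index.html"), encoding="utf-8", errors="replace") as fh:
            match = GENERATOR.search(fh.read(65536))
    except OSError:
        return None
    return tuple(int(p) for p in match.group(1).split(".")) if match else None


def audit(root):
    """List (relative dir, version, status) for each deployed copy of TARGET."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if TARGET not in files:
            continue
        version = generator_version(dirpath)
        if version is None:
            status = "unknown"    # no generator tag: inspect by hand
        elif version < FIXED:
            status = "review"     # predates 1.8.12 unless a vendor backport applies
        else:
            status = "fixed"
        findings.append((os.path.relpath(dirpath, root), version, status))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree (not real data)."""
    samples = {"old": "1.8.11", "new": "1.8.13", "bare": None}
    with tempfile.TemporaryDirectory() as root:
        for name, ver in samples.items():
            os.makedirs(os.path.join(root, name))
            open(os.path.join(root, name, TARGET), "w").close()
            if ver:
                with open(os.path.join(root, name, "index.html"), "w") as fh:
                    fh.write(f'<meta name="generator" content="Doxygen {ver}"/>')
        return audit(root)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

A "review" result is a prompt to check the package changelog rather than a verdict: distribution builds such as the Red Hat Enterprise Linux 7 update in RHSA-2020:1034 can carry the fix under an older version string.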