Insufficient sanitization of the query parameter in
templates/html/search_opensearch.php could lead to reflected cross-site
scripting or iframe injection.
Created doxygen tracking bugs for this issue:
Affects: fedora-all [bug 1714191]
this issue was fixed since doxygen version 1.8.12.
* This issue did not affect the versions of doxygen as shipped with Red Hat Enterprise Linux 5, and 6 as they did not include the vulnerable file search_opensearch.php.
* This issue did not affect the versions of doxygen as shipped with Red Hat Enterprise Linux 8 as they already include the patched code.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:1034 https://access.redhat.com/errata/RHSA-2020:1034
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):