CPANSA-HTML-Template-Pro-2011-4616: HTML-Template-Pro vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2012-01-06T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2012-01-06T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.
Vulnerabilities
CVE-2011-4616
Vulnerability DescriptionCross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.
| Weakness | CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| HTML-Template-Pro less than 0.9507 |
|
Fixed
- HTML-Template-Pro greater than or equal 0.9507
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-HTML-Template-Pro-2011-4616 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2012/cpansa-html-template-pro-2011-4616.json - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587 external
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587 - http://openwall.com/lists/oss-security/2011/12/19/1 external
http://openwall.com/lists/oss-security/2011/12/19/1 - http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507 external
http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507 - http://secunia.com/advisories/47184 external
http://secunia.com/advisories/47184 - http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes external
http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes - http://www.securityfocus.com/bid/51117 external
http://www.securityfocus.com/bid/51117 - http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html external
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html - http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html external
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html - http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html external
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html - CVE-2011-4616 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2011-4616
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Fri Jan 6 00:00:00 2012 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/