CVE-2011-4616

Published: 06/01/2012 Updated: 05/04/2013

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module prior to 0.9507 for Perl allows remote malicious users to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
igor vlasenko html-template-pro 0.54
igor vlasenko html-template-pro 0.52
igor vlasenko html-template-pro 0.48
igor vlasenko html-template-pro 0.84
igor vlasenko html-template-pro 0.38
igor vlasenko html-template-pro 0.74
igor vlasenko html-template-pro 0.59
igor vlasenko html-template-pro 0.65
igor vlasenko html-template-pro 0.41
igor vlasenko html-template-pro 0.69
igor vlasenko html-template-pro 0.36
igor vlasenko html-template-pro 0.62
igor vlasenko html-template-pro 0.53
igor vlasenko html-template-pro 0.9501
igor vlasenko html-template-pro 0.56
igor vlasenko html-template-pro 0.76
igor vlasenko html-template-pro 0.73
igor vlasenko html-template-pro 0.71
igor vlasenko html-template-pro 0.42
igor vlasenko html-template-pro 0.94
igor vlasenko html-template-pro 0.64
igor vlasenko html-template-pro 0.51
igor vlasenko html-template-pro 0.45
igor vlasenko html-template-pro 0.82
igor vlasenko html-template-pro 0.68
igor vlasenko html-template-pro 0.70
igor vlasenko html-template-pro 0.92
igor vlasenko html-template-pro 0.9504
igor vlasenko html-template-pro 0.44
igor vlasenko html-template-pro 0.47
igor vlasenko html-template-pro 0.40
igor vlasenko html-template-pro 0.86
igor vlasenko html-template-pro 0.81
igor vlasenko html-template-pro 0.61
igor vlasenko html-template-pro 0.80
igor vlasenko html-template-pro
igor vlasenko html-template-pro 0.63
igor vlasenko html-template-pro 0.26
igor vlasenko html-template-pro 0.9505
igor vlasenko html-template-pro 0.87
igor vlasenko html-template-pro 0.67
igor vlasenko html-template-pro 0.35
igor vlasenko html-template-pro 0.66
igor vlasenko html-template-pro 0.77
igor vlasenko html-template-pro 0.34
igor vlasenko html-template-pro 0.83
igor vlasenko html-template-pro 0.55
igor vlasenko html-template-pro 0.43
igor vlasenko html-template-pro 0.58
igor vlasenko html-template-pro 0.57
igor vlasenko html-template-pro 0.01
igor vlasenko html-template-pro 0.9503
igor vlasenko html-template-pro 0.95
igor vlasenko html-template-pro 0.37
igor vlasenko html-template-pro 0.93
igor vlasenko html-template-pro 0.90
igor vlasenko html-template-pro 0.75
igor vlasenko html-template-pro 0.9502
igor vlasenko html-template-pro 0.50
igor vlasenko html-template-pro 0.17
igor vlasenko html-template-pro 0.72
igor vlasenko html-template-pro 0.85

Debian Bug report logs - #652587 libhtml-template-pro-perl: [CVE-2011-4616] missing escaping allows XSS Package: libhtml-template-pro-perl; Maintainer for libhtml-template-pro-perl is Debian Perl Group <pkg-perl-maintainers@listsaliothdebianorg>; Source for libhtml-template-pro-perl is src:libhtml-template-pro-perl (PTS, buildd, ...

CWE-79 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587 http://openwall.com/lists/oss-security/2011/12/19/1 http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507 http://secunia.com/advisories/47184 http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes http://www.securityfocus.com/bid/51117 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587

CVE-2011-4616

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect