Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 18 Dec 2011 22:05:25 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE for HTML-Template-Pro 0.9506 XSS

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587
http://search.cpan.org/~viy/HTML-Template-Pro-0.9507/lib/HTML/Template/Pro.pm

diff -ru HTML-Template-Pro-0.9506/templates-Pro/test_var3.out
HTML-Template-Pro-0.9507/templates-Pro/test_var3.out
--- HTML-Template-Pro-0.9506/templates-Pro/test_var3.out    2007-05-07
04:09:54.000000000 -0600
+++ HTML-Template-Pro-0.9507/templates-Pro/test_var3.out    2011-12-09
00:41:53.000000000 -0700
@@ -8,7 +8,7 @@
  \&lt;&gt;&quot;; %FAhidden:
 end
 
- \\<>\"; %FAhidden:\r\nend
+ \\&lt;&gt;\"; %FAhidden:\r\nend
 
 <H1> END test_var3 </H1>
 </body></html>

Please use CVE-2011-4616 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ