'[oss-security] CVE for HTML-Template-Pro 0.9506 XSS'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE for HTML-Template-Pro 0.9506 XSS
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2011-12-19 5:05:25
Message-ID: 4EEEC615.3000700 () redhat ! com
[Download RAW message or body]

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587
http://search.cpan.org/~viy/HTML-Template-Pro-0.9507/lib/HTML/Template/Pro.pm

diff -ru HTML-Template-Pro-0.9506/templates-Pro/test_var3.out
HTML-Template-Pro-0.9507/templates-Pro/test_var3.out
--- HTML-Template-Pro-0.9506/templates-Pro/test_var3.out    2007-05-07
04:09:54.000000000 -0600
+++ HTML-Template-Pro-0.9507/templates-Pro/test_var3.out    2011-12-09
00:41:53.000000000 -0700
@@ -8,7 +8,7 @@
  \&lt;&gt;&quot;; %FAhidden:
 end
 
- \\<>\"; %FAhidden:\r\nend
+ \\&lt;&gt;\"; %FAhidden:\r\nend
 
 <H1> END test_var3 </H1>
 </body></html>

Please use CVE-2011-4616 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic