CVE-2011-4616

Igor Vlasenko Html-template-pro < 0.9506 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.

References (9)

[Exploit] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587

[Various Sources] http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes

[Exploit] http://openwall.com/lists/oss-security/2011/12/19/1

[Vendor Advisory] http://secunia.com/advisories/47184

[Release Notes] http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/51117

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html

Scores

EPSS 0.0067

EPSS Percentile 71.1%

Classification

CWE

CWE-79

Status published

Affected Products (50)

igor_vlasenko/html-template-pro < 0.9506

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

igor_vlasenko/html-template-pro

... and 35 more

Timeline

Published Jan 06, 2012

Tracked Since Feb 18, 2026