CVE-2011-4616

Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587	Exploit
http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html
http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507
http://openwall.com/lists/oss-security/2011/12/19/1	Exploit
http://secunia.com/advisories/47184	Vendor Advisory
http://www.securityfocus.com/bid/51117
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587	Exploit
http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html
http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507
http://openwall.com/lists/oss-security/2011/12/19/1	Exploit
http://secunia.com/advisories/47184	Vendor Advisory
http://www.securityfocus.com/bid/51117

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:igor_vlasenko:html-template-pro::::::::
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.01:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.17:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.26:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.34:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.35:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.36:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.37:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.38:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.40:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.41:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.42:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.43:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.44:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.45:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.47:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.48:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.50:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.51:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.52:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.53:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.54:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.55:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.56:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.57:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.58:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.59:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.61:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.62:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.63:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.64:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.65:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.66:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.67:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.68:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.69:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.70:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.71:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.72:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.73:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.74:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.75:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.76:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.77:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.80:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.81:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.82:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.83:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.84:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.85:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.86:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.87:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.90:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.92:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.93:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.94:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.95:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.9501:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.9502:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.9503:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.9504:::::::*
	cpe:2.3:a:igor_vlasenko:html-template-pro:0.9505:::::::*

History

21 Nov 2024, 01:32

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587 - Exploit~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587 - Exploit
References	~~() http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes -~~	() http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes -
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html -~~	() http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html -
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html -~~	() http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html -
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html -~~	() http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html -
References	~~() http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507 -~~	() http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507 -
References	~~() http://openwall.com/lists/oss-security/2011/12/19/1 - Exploit~~	() http://openwall.com/lists/oss-security/2011/12/19/1 - Exploit
References	~~() http://secunia.com/advisories/47184 - Vendor Advisory~~	() http://secunia.com/advisories/47184 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/51117 -~~	() http://www.securityfocus.com/bid/51117 -

Information

Published : 2012-01-06 04:01

Updated : 2025-04-11 00:51

NVD link : CVE-2011-4616

Mitre link : CVE-2011-4616

CVE.ORG link : CVE-2011-4616

JSON object : View

Products Affected

igor_vlasenko

html-template-pro

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10