CVE-2015-5667

NameCVE-2015-5667
DescriptionCross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-339-1
Debian Bugs803943

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libhtml-scrubber-perl (PTS)buster0.17-1fixed
bullseye0.19-1fixed
sid, trixie, bookworm0.19-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libhtml-scrubber-perlsourcesqueeze0.08-4+deb6u1DLA-339-1
libhtml-scrubber-perlsourcewheezy0.09-1+deb7u1
libhtml-scrubber-perlsourcejessie0.11-1+deb8u1
libhtml-scrubber-perlsource(unstable)0.15-1803943

Notes

Upstream fix: https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
Search for package or bug name: Reporting problems