CVE-2011-5025

NameCVE-2011-5025
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs653966

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
yaws (PTS)jessie1.98-4+deb8u1fixed
stretch2.0.4+dfsg-1fixed
bullseye, sid, buster2.0.6+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
yawssource(unstable)1.92-1low653966

Notes

[squeeze] - yaws <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems