CVE-2011-5025

NameCVE-2011-5025
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs653966

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
yaws (PTS)stretch2.0.4+dfsg-1fixed
stretch (security)2.0.4+dfsg-1+deb9u1fixed
buster2.0.6+dfsg-1fixed
buster (security)2.0.6+dfsg-1+deb10u1fixed
bullseye, sid2.0.8+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
yawssource(unstable)1.92-1low653966

Notes

[squeeze] - yaws <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems