CVE-2015-5667

NameCVE-2015-5667
DescriptionCross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-339-1
NVD severitylow (attack range: remote)
Debian Bugs803943

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libhtml-scrubber-perl (PTS)wheezy0.09-1+deb7u1fixed
jessie0.11-1+deb8u1fixed
buster, sid, stretch0.15-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libhtml-scrubber-perlsource(unstable)0.15-1low803943
libhtml-scrubber-perlsourcejessie0.11-1+deb8u1low
libhtml-scrubber-perlsourcesqueeze0.08-4+deb6u1lowDLA-339-1
libhtml-scrubber-perlsourcewheezy0.09-1+deb7u1low

Notes

Upstream fix: https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd

Search for package or bug name: Reporting problems