Bug 1276646 - (CVE-2015-5667) CVE-2015-5667 perl-HTML-Scrubber: XSS vulnerability when function "comment" is enabled
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20151030,repor...
Keywords: Security
Depends On: 1276647 1276648
Reported: 2015-10-30 07:17 EDT by Adam Mariš
Modified: 2015-10-30 07:17 EDT
Fixed In Version: perl-HTML-Scrubber 0.15
Doc Type: Bug Fix

Description Adam Mariš 2015-10-30 07:17:13 EDT
A cross-site scripting vulnerability was found in the HTML::Scrubber Perl module. If the function "comment" is enabled, an arbitrary script may be executed on the user's web browser. Affects versions 0.14 and earlier.

Upstream patch:

https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
Comment 1 Adam Mariš 2015-10-30 07:17:48 EDT
Created perl-HTML-Scrubber tracking bugs for this issue:

Affects: fedora-all [bug 1276647]
Affects: epel-all [bug 1276648]
