The JS escaping in libhtml-template-pro-perl misses to escape "<" and
">" which allows XSS. This was fixed in the last upstream release (0.9507).
An example script that triggers the bug is attached. With 0.9507 it
older versions generate
Created perl-HTML-Template-Pro tracking bugs for this issue
Affects: fedora-all [bug 773453]