Advisories » MGASA-2015-0488

Updated perl-HTML-Scrubber packages fix CVE-2015-5667

Publication date: 28 Dec 2015
Modification date: 28 Dec 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5667

Description

Updated perl-HTML-Scrubber package fixes security vulnerability:

Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 
0.15 for Perl, when the comment feature is enabled, allows remote attackers 
to inject arbitrary web script or HTML via a crafted comment.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17080
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5667

SRPMS

5/core

• perl-HTML-Scrubber-0.110.0-6.1.mga5