Bug#652587: libhtml-template-pro-perl: missing escaping allows XSS
Ansgar Burchardt
ansgar at debian.org
Sun Dec 18 22:26:55 UTC 2011
> An example script that triggers the bug is attached. With 0.9507 it
> outputs
>
> <evil>
>
> older versions generate
>
> <evil>
>
> instead.
This time for real.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xs.pl
Type: text/x-perl
Size: 254 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20111218/b3a4e5d1/attachment.pl>
More information about the pkg-perl-maintainers
mailing list