From Mageia wiki
Jump to: navigation, search

MGASA-2012-0302

Date: October 20th, 2012
Affected releases: 1


Description:
Updated perl-HTML-Template-Pro packages fix security vulnerability:

Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module
before 0.9507 for Perl allows remote attackers to inject arbitrary web
script or HTML via template parameters, related to improper handling of
">" (greater than) and "<" (less than) characters (CVE-2011-4616).


Updated Packages:
perl-HTML-Template-Pro-0.950.900-1.mga1


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4616
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html
https://bugs.mageia.org/show_bug.cgi?id=7805