Package: libhtml-template-pro-perl
Version: 0.9502-1
Severity: important
Tags: security

The JS escaping in libhtml-template-pro-perl fails to escape "<" and ">", which allows XSS. This was fixed in the last upstream release (0.9507).

An example script that triggers the bug is attached. With 0.9507 it outputs <evil>; older versions generate <evil> instead.

Ansgar
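
The gap described in this report, as an added example (not part of the original report, its attachment, or the upstream code): a hypothetical JS-string escaper that leaves "<" and ">" untouched beside a hardened one, plus a check that escaped output carries no raw angle brackets. The function names and the `\u003c`-style output are assumptions of this example, not taken from 0.9507.

```perl
#!/usr/bin/perl
# Added illustration; not code from HTML::Template::Pro or from the bug report.
use strict;
use warnings;

# Hypothetical escaper modelling the reported gap: quotes, backslashes and
# line breaks are escaped, but "<" and ">" pass through unchanged.
sub js_escape_weak {
    my ($s) = @_;
    $s =~ s/\\/\\\\/g;    # backslash first, so later escapes are not doubled
    $s =~ s/'/\\'/g;
    $s =~ s/"/\\"/g;
    $s =~ s/\n/\\n/g;
    $s =~ s/\r/\\r/g;
    return $s;
}

# Hardened variant: additionally emits "<" and ">" as \uXXXX escapes. The
# JS engine decodes them back inside the string literal, while the HTML
# parser, which scans an inline <script> block for markup before any JS
# runs, never sees an angle bracket coming from the value.
# (The \uXXXX form is this example's choice, assumed rather than upstream's.)
sub js_escape_strict {
    my ($s) = @_;
    $s = js_escape_weak($s);
    $s =~ s/([<>])/sprintf('\\u%04x', ord($1))/ge;
    return $s;
}

# Regression check: escaped output must contain no raw angle brackets.
sub has_raw_angle {
    my ($s) = @_;
    return $s =~ /[<>]/ ? 1 : 0;
}

my $input = '<evil>';    # the sample value the report mentions
for my $case ( [ 'weak', \&js_escape_weak ], [ 'strict', \&js_escape_strict ] ) {
    my ( $name, $fn ) = @$case;
    my $out = $fn->($input);
    printf "%-6s var x = '%s';  raw angle brackets: %s\n",
        $name, $out, has_raw_angle($out) ? 'yes' : 'no';
}
```

A check like `has_raw_angle` can be kept as a regression test around any escaper used for values placed in inline script blocks.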