4.3
CVE-2011-4616
- EPSS 0.67%
- Veröffentlicht 06.01.2012 04:01:26
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginCross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Igor Vlasenko ≫ Html-template-pro Version <= 0.9506
Igor Vlasenko ≫ Html-template-pro Version0.01
Igor Vlasenko ≫ Html-template-pro Version0.17
Igor Vlasenko ≫ Html-template-pro Version0.26
Igor Vlasenko ≫ Html-template-pro Version0.34
Igor Vlasenko ≫ Html-template-pro Version0.35
Igor Vlasenko ≫ Html-template-pro Version0.36
Igor Vlasenko ≫ Html-template-pro Version0.37
Igor Vlasenko ≫ Html-template-pro Version0.38
Igor Vlasenko ≫ Html-template-pro Version0.40
Igor Vlasenko ≫ Html-template-pro Version0.41
Igor Vlasenko ≫ Html-template-pro Version0.42
Igor Vlasenko ≫ Html-template-pro Version0.43
Igor Vlasenko ≫ Html-template-pro Version0.44
Igor Vlasenko ≫ Html-template-pro Version0.45
Igor Vlasenko ≫ Html-template-pro Version0.47
Igor Vlasenko ≫ Html-template-pro Version0.48
Igor Vlasenko ≫ Html-template-pro Version0.50
Igor Vlasenko ≫ Html-template-pro Version0.51
Igor Vlasenko ≫ Html-template-pro Version0.52
Igor Vlasenko ≫ Html-template-pro Version0.53
Igor Vlasenko ≫ Html-template-pro Version0.54
Igor Vlasenko ≫ Html-template-pro Version0.55
Igor Vlasenko ≫ Html-template-pro Version0.56
Igor Vlasenko ≫ Html-template-pro Version0.57
Igor Vlasenko ≫ Html-template-pro Version0.58
Igor Vlasenko ≫ Html-template-pro Version0.59
Igor Vlasenko ≫ Html-template-pro Version0.61
Igor Vlasenko ≫ Html-template-pro Version0.62
Igor Vlasenko ≫ Html-template-pro Version0.63
Igor Vlasenko ≫ Html-template-pro Version0.64
Igor Vlasenko ≫ Html-template-pro Version0.65
Igor Vlasenko ≫ Html-template-pro Version0.66
Igor Vlasenko ≫ Html-template-pro Version0.67
Igor Vlasenko ≫ Html-template-pro Version0.68
Igor Vlasenko ≫ Html-template-pro Version0.69
Igor Vlasenko ≫ Html-template-pro Version0.70
Igor Vlasenko ≫ Html-template-pro Version0.71
Igor Vlasenko ≫ Html-template-pro Version0.72
Igor Vlasenko ≫ Html-template-pro Version0.73
Igor Vlasenko ≫ Html-template-pro Version0.74
Igor Vlasenko ≫ Html-template-pro Version0.75
Igor Vlasenko ≫ Html-template-pro Version0.76
Igor Vlasenko ≫ Html-template-pro Version0.77
Igor Vlasenko ≫ Html-template-pro Version0.80
Igor Vlasenko ≫ Html-template-pro Version0.81
Igor Vlasenko ≫ Html-template-pro Version0.82
Igor Vlasenko ≫ Html-template-pro Version0.83
Igor Vlasenko ≫ Html-template-pro Version0.84
Igor Vlasenko ≫ Html-template-pro Version0.85
Igor Vlasenko ≫ Html-template-pro Version0.86
Igor Vlasenko ≫ Html-template-pro Version0.87
Igor Vlasenko ≫ Html-template-pro Version0.90
Igor Vlasenko ≫ Html-template-pro Version0.92
Igor Vlasenko ≫ Html-template-pro Version0.93
Igor Vlasenko ≫ Html-template-pro Version0.94
Igor Vlasenko ≫ Html-template-pro Version0.95
Igor Vlasenko ≫ Html-template-pro Version0.9501
Igor Vlasenko ≫ Html-template-pro Version0.9502
Igor Vlasenko ≫ Html-template-pro Version0.9503
Igor Vlasenko ≫ Html-template-pro Version0.9504
Igor Vlasenko ≫ Html-template-pro Version0.9505
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.67% | 0.689 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.