ID CVE-2015-5667 Type cve Reporter cve@mitre.org Modified 2016-12-07T18:17:00
Description
Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.
{"freebsd": [{"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "unix", "description": "\nMITRE reports:\n\nCross-site scripting (XSS) vulnerability in the HTML-Scrubber\n\t module before 0.15 for Perl, when the comment feature is enabled,\n\t allows remote attackers to inject arbitrary web script or HTML via\n\t a crafted comment.\n\n", "modified": "2015-10-10T00:00:00", "published": "2015-10-10T00:00:00", "id": "2F7F4DB2-8819-11E5-AB94-002590263BF5", "href": "https://vuxml.freebsd.org/freebsd/2f7f4db2-8819-11e5-ab94-002590263bf5.html", "title": "p5-HTML-Scrubber -- XSS vulnerability", "type": "freebsd", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:37:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-12-01T00:00:00", "id": "OPENVAS:1361412562310806790", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806790", "title": "Fedora Update for perl-HTML-Scrubber FEDORA-2015-95", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-HTML-Scrubber FEDORA-2015-95\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806790\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-01 06:12:48 +0100 (Tue, 01 Dec 2015)\");\n script_cve_id(\"CVE-2015-5667\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for perl-HTML-Scrubber FEDORA-2015-95\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl-HTML-Scrubber'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"perl-HTML-Scrubber on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-95\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172983.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-HTML-Scrubber\", rpm:\"perl-HTML-Scrubber~0.15~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:40", "bulletinFamily": "scanner", "description": "Mageia Linux Local Security Checks mgasa-2015-0488", "modified": "2018-09-28T00:00:00", "published": "2015-12-29T00:00:00", "id": "OPENVAS:1361412562310131169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131169", "title": "Mageia Linux Local Check: mgasa-2015-0488", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0488.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131169\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-29 11:15:51 +0200 (Tue, 29 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0488\");\n script_tag(name:\"insight\", value:\"Updated perl-HTML-Scrubber package fixes security vulnerability: Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0488.html\");\n script_cve_id(\"CVE-2015-5667\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0488\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"perl-HTML-Scrubber\", rpm:\"perl-HTML-Scrubber~0.110.0~6.1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:47", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-12-15T00:00:00", "id": "OPENVAS:1361412562310120619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120619", "title": "Amazon Linux Local Check: alas-2015-629", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-629.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120619\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 02:51:29 +0200 (Tue, 15 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-629\");\n script_tag(name:\"insight\", value:\"Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.\");\n script_tag(name:\"solution\", value:\"Run yum update perl-HTML-Scrubber to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-629.html\");\n script_cve_id(\"CVE-2015-5667\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"perl-HTML-Scrubber\", rpm:\"perl-HTML-Scrubber~0.15~1.5.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-11-01T02:27:25", "bulletinFamily": "scanner", "description": "perl-HTML-Scrubber-0.15-1.fc21 - update to 0.15 perl-HTML-\nScrubber-0.15-1.fc22 - update to 0.15 perl-HTML-Scrubber-0.15-1.fc23 -\nupdate to 0.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2015-95F5FF8D44.NASL", "href": "https://www.tenable.com/plugins/nessus/89329", "published": "2016-03-04T00:00:00", "title": "Fedora 22 : perl-HTML-Scrubber-0.15-1.fc22 (2015-95f5ff8d44)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-95f5ff8d44.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89329);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2016/03/04 16:10:31 $\");\n\n script_cve_id(\"CVE-2015-5667\");\n script_xref(name:\"FEDORA\", value:\"2015-95f5ff8d44\");\n\n script_name(english:\"Fedora 22 : perl-HTML-Scrubber-0.15-1.fc22 (2015-95f5ff8d44)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"perl-HTML-Scrubber-0.15-1.fc21 - update to 0.15 perl-HTML-\nScrubber-0.15-1.fc22 - update to 0.15 perl-HTML-Scrubber-0.15-1.fc23 -\nupdate to 0.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1276647\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172983.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?182b4cff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-HTML-Scrubber package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-HTML-Scrubber\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"perl-HTML-Scrubber-0.15-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-HTML-Scrubber\");\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:20:31", "bulletinFamily": "scanner", "description": "HTML::Scrubber is vulnerable to a cross-site scripting (XSS)\nvulnerability when the comment feature is enabled. It allows remote\nattackers to inject arbitrary web script or HTML via a crafted\ncomment.\n\nFor Debian 6 squeeze, this has been fixed in libhtml-scrubber-perl\nversion 0.08-4+deb6u1.\n\nCheers,\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DLA-339.NASL", "href": "https://www.tenable.com/plugins/nessus/86712", "published": "2015-11-04T00:00:00", "title": "Debian DLA-339-1 : libhtml-scrubber-perl security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-339-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86712);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2015-5667\");\n\n script_name(english:\"Debian DLA-339-1 : libhtml-scrubber-perl security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"HTML::Scrubber is vulnerable to a cross-site scripting (XSS)\nvulnerability when the comment feature is enabled. It allows remote\nattackers to inject arbitrary web script or HTML via a crafted\ncomment.\n\nFor Debian 6 squeeze, this has been fixed in libhtml-scrubber-perl\nversion 0.08-4+deb6u1.\n\nCheers,\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/11/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libhtml-scrubber-perl\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libhtml-scrubber-perl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libhtml-scrubber-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libhtml-scrubber-perl\", reference:\"0.08-4+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:27:25", "bulletinFamily": "scanner", "description": "perl-HTML-Scrubber-0.15-1.fc21 - update to 0.15 perl-HTML-\nScrubber-0.15-1.fc22 - update to 0.15 perl-HTML-Scrubber-0.15-1.fc23 -\nupdate to 0.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2015-FED35DFFD7.NASL", "href": "https://www.tenable.com/plugins/nessus/89471", "published": "2016-03-04T00:00:00", "title": "Fedora 21 : perl-HTML-Scrubber-0.15-1.fc21 (2015-fed35dffd7)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-fed35dffd7.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89471);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2016/03/04 16:10:31 $\");\n\n script_cve_id(\"CVE-2015-5667\");\n script_xref(name:\"FEDORA\", value:\"2015-fed35dffd7\");\n\n script_name(english:\"Fedora 21 : perl-HTML-Scrubber-0.15-1.fc21 (2015-fed35dffd7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"perl-HTML-Scrubber-0.15-1.fc21 - update to 0.15 perl-HTML-\nScrubber-0.15-1.fc22 - update to 0.15 perl-HTML-Scrubber-0.15-1.fc23 -\nupdate to 0.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1276647\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172997.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa3a6212\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-HTML-Scrubber package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-HTML-Scrubber\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"perl-HTML-Scrubber-0.15-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-HTML-Scrubber\");\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:37:23", "bulletinFamily": "scanner", "description": "MITRE reports :\n\nCross-site scripting (XSS) vulnerability in the HTML-Scrubber module\nbefore 0.15 for Perl, when the comment feature is enabled, allows\nremote attackers to inject arbitrary web script or HTML via a crafted\ncomment.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_2F7F4DB2881911E5AB94002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/86834", "published": "2015-11-11T00:00:00", "title": "FreeBSD : p5-HTML-Scrubber -- XSS vulnerability (2f7f4db2-8819-11e5-ab94-002590263bf5)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86834);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2015-5667\");\n\n script_name(english:\"FreeBSD : p5-HTML-Scrubber -- XSS vulnerability (2f7f4db2-8819-11e5-ab94-002590263bf5)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MITRE reports :\n\nCross-site scripting (XSS) vulnerability in the HTML-Scrubber module\nbefore 0.15 for Perl, when the comment feature is enabled, allows\nremote attackers to inject arbitrary web script or HTML via a crafted\ncomment.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://metacpan.org/release/HTML-Scrubber\"\n );\n # http://jvndb.jvn.jp/jvndb/JVNDB-2015-000171\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://jvn.jp/en/jp/JVN53973084/index.html\"\n );\n # https://vuxml.freebsd.org/freebsd/2f7f4db2-8819-11e5-ab94-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40de686a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:p5-HTML-Scrubber\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"p5-HTML-Scrubber<0.15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:27:24", "bulletinFamily": "scanner", "description": "perl-HTML-Scrubber-0.15-1.fc21 - update to 0.15 perl-HTML-\nScrubber-0.15-1.fc22 - update to 0.15 perl-HTML-Scrubber-0.15-1.fc23 -\nupdate to 0.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2015-84A95E39D4.NASL", "href": "https://www.tenable.com/plugins/nessus/89306", "published": "2016-03-04T00:00:00", "title": "Fedora 23 : perl-HTML-Scrubber-0.15-1.fc23 (2015-84a95e39d4)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-84a95e39d4.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89306);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2016/03/04 16:00:58 $\");\n\n script_cve_id(\"CVE-2015-5667\");\n script_xref(name:\"FEDORA\", value:\"2015-84a95e39d4\");\n\n script_name(english:\"Fedora 23 : perl-HTML-Scrubber-0.15-1.fc23 (2015-84a95e39d4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"perl-HTML-Scrubber-0.15-1.fc21 - update to 0.15 perl-HTML-\nScrubber-0.15-1.fc22 - update to 0.15 perl-HTML-Scrubber-0.15-1.fc23 -\nupdate to 0.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1276647\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172934.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?49045339\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-HTML-Scrubber package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-HTML-Scrubber\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"perl-HTML-Scrubber-0.15-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-HTML-Scrubber\");\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:13:59", "bulletinFamily": "scanner", "description": "Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module\nbefore 0.15 for Perl, when the comment feature is enabled, allows\nremote attackers to inject arbitrary web script or HTML via a crafted\ncomment.", "modified": "2019-11-02T00:00:00", "id": "ALA_ALAS-2015-629.NASL", "href": "https://www.tenable.com/plugins/nessus/87355", "published": "2015-12-15T00:00:00", "title": "Amazon Linux AMI : perl-HTML-Scrubber (ALAS-2015-629)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-629.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87355);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-5667\");\n script_xref(name:\"ALAS\", value:\"2015-629\");\n\n script_name(english:\"Amazon Linux AMI : perl-HTML-Scrubber (ALAS-2015-629)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module\nbefore 0.15 for Perl, when the comment feature is enabled, allows\nremote attackers to inject arbitrary web script or HTML via a crafted\ncomment.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-629.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update perl-HTML-Scrubber' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-HTML-Scrubber\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"perl-HTML-Scrubber-0.15-1.5.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-HTML-Scrubber\");\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}], "jvn": [{"lastseen": "2019-05-29T19:49:17", "bulletinFamily": "info", "description": "\n ## Description\n\nHTML::Scrubber is a Perl module for scrubbing/sanitizing html. HTML::Scrubber contains a cross-site scripting vulnerability (CWE-79).\n\n ## Impact\n\nIf the function \"comment\" is enabled, an arbitrary script may be executed on the user's web browser.\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the developer.\n\n ## Products Affected\n\n * HTML::Scrubber version 0.14 and earlier\n", "modified": "2015-10-30T00:00:00", "published": "2015-10-30T00:00:00", "id": "JVN:53973084", "href": "http://jvn.jp/en/jp/JVN53973084/index.html", "title": "JVN#53973084: HTML::Scrubber vulnerable to cross-site scripting", "type": "jvn", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}], "amazon": [{"lastseen": "2019-05-29T19:20:45", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nCross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.\n\n \n**Affected Packages:** \n\n\nperl-HTML-Scrubber\n\n \n**Issue Correction:** \nRun _yum update perl-HTML-Scrubber_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n perl-HTML-Scrubber-0.15-1.5.amzn1.noarch \n \n src: \n perl-HTML-Scrubber-0.15-1.5.amzn1.src \n \n \n", "modified": "2015-12-13T14:25:00", "published": "2015-12-13T14:25:00", "id": "ALAS-2015-629", "href": "https://alas.aws.amazon.com/ALAS-2015-629.html", "title": "Medium: perl-HTML-Scrubber", "type": "amazon", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2019-08-22T02:28:15", "bulletinFamily": "unix", "description": "Package : libhtml-scrubber-perl\nVersion : 0.08-4+deb6u1\nCVE ID : CVE-2015-5667\nDebian bug : 803943\n\nHTML::Scrubber is vulnerable to a cross-site scripting (XSS) vulnerability\nwhen the comment feature is enabled. It allows remote attackers to inject\narbitrary web script or HTML via a crafted comment.\n\nFor Debian 6 squeeze, this has been fixed in libhtml-scrubber-perl version\n0.08-4+deb6u1.\n\nCheers,\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "modified": "2015-11-03T15:50:48", "published": "2015-11-03T15:50:48", "id": "DEBIAN:DLA-339-1:1CD40", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201511/msg00000.html", "title": "[SECURITY] [DLA 339-1] libhtml-scrubber-perl security update", "type": "debian", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}]}