hackage-server 跨站脚本漏洞

hackage-server is a Haskell open-source package repository server. hackage-server has a cross-site scripting vulnerability, which stems from the direct provision of HTML and JavaScript files. This vulnerability could allow malicious package maintainers to hijack user sessions...

HSEC-2026-0004 Hackage package metadata stored XSS vulnerability

Hackage package metadata stored XSS vulnerability User-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting XSS attacks. The specific fields affected are: - homepage - bug-reports - source-repository.locatio...

HSEC-2026-0002 Hackage CSRF vulnerability

Hackage CSRF vulnerability Vulnerable File: src/Distribution/Server/Features/Votes.hs example Impact: can forge requests through XSS hackage-server lacked Cross-Site Request Forgery CSRF protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly...

PT-2026-32988

Hackage package metadata stored XSS vulnerability User-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting XSS attacks. The specific fields affected are: - homepage - bug-reports - source-repository.locatio...

PT-2026-32987

Hackage CSRF vulnerability Vulnerable File: src/Distribution/Server/Features/Votes.hs example Impact: can forge requests through XSS hackage-server lacked Cross-Site Request Forgery CSRF protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly...

HSEC-2024-0004 Hackage package and doc upload stored XSS vulnerability

Hackage package and doc upload stored XSS vulnerability Author: Fraser Tweedale Haskell SRT Executive summary A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served...

PT-2026-32986

Hackage package and doc upload stored XSS vulnerability Author: Fraser Tweedale Haskell SRT Executive summary A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served...

HSEC-2023-0015 cabal-install uses expired key policies

cabal-install uses expired key policies A problem was recently discovered in cabal-install's implementation of the Hackage Security protocol that would allow an attacker who was in possession of a revoked private key and who could perform a man-in-the-middle attack against Hackage to use the...

[SECURITY] Fedora 34 Update: cabal-rpm-2.0.11-1.fc34

This package provides a RPM packaging tool for Haskell Cabal-based packages. cabal-rpm has commands to generate a RPM spec file and srpm for a package. It can rpmbuild packages, yum/dnf install their dependencies, prep packages, and install them. There are commands to list package dependencies an...

Fedora: Security Advisory for cabal-rpm (FEDORA-2022-78559f99a9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 35 Update: cabal-rpm-2.0.11-1.fc35

This package provides a RPM packaging tool for Haskell Cabal-based packages. cabal-rpm has commands to generate a RPM spec file and srpm for a package. It can rpmbuild packages, yum/dnf install their dependencies, prep packages, and install them. There are commands to list package dependencies an...

[SECURITY] Fedora 22 Update: cabal-install-1.18.1.0-1.fc22

The 'cabal' command-line program simplifies the process of managing Haskell software by automating the fetching, configuration, compilation and installation of Haskell libraries and programs from Hackage...

Mail Manager Pro XSRF (Change Admin Password)

Exploit for unknown platform in category web applications ============================================= Mail Manager Pro XSRF Change Admin Password ============================================= ----------------------------------------------------------------------------------------------- Title:...