ALAS-2015-629


Amazon Linux 1 Security Advisory: ALAS-2015-629
Advisory Release Date: 2015-12-14 10:00 Pacific
Advisory Updated Date: 2015-12-13 14:25 Pacific
Severity: Medium

Issue Overview:

Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.


Affected Packages:

perl-HTML-Scrubber


Issue Correction:
Run yum update perl-HTML-Scrubber to update your system.

New Packages:
noarch:
    perl-HTML-Scrubber-0.15-1.5.amzn1.noarch

src:
    perl-HTML-Scrubber-0.15-1.5.amzn1.src