CVE-2011-5025

NameCVE-2011-5025
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs653966

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
yaws (PTS)jessie1.98-4+deb8u1fixed
stretch (security), stretch (lts), stretch2.0.4+dfsg-1+deb9u1fixed
buster (security), buster, buster (lts)2.0.6+dfsg-1+deb10u1fixed
bullseye2.0.8+dfsg-3fixed
bookworm2.1.1+dfsg-2fixed
sid, trixie2.2.0+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
yawssource(unstable)1.92-1low653966

Notes

[squeeze] - yaws <no-dsa> (Minor issue)
Search for package or bug name: Reporting problems