Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-277: Roundup Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-277: Roundup Vulnerability
# 1  
Old 04-25-2008
S-277: Roundup Vulnerability
Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed int he victim's browser. The risk is LOW. May allow an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

3 More Discussions You Might Find Interesting

1. News, Links, Events and Announcements

Bash vulnerability

Not sure if there is a post about it here somewhere already. Anyway: Remote exploit vulnerability in bash CVE-2014-6271 | CSO Online (3 Replies)
Discussion started by: zaxxon
3 Replies

2. Shell Programming and Scripting

Sum of all lines in file without roundup with awk

Hi, I have a file and I want to sum all the numbers in it. Example of the file: 0.6714359 -3842.59553830551 I used your forum (https://www.unix.com/shell-programming-scripting/74293-how-get-sum-all-lines-file.html) and found a script, what worked for me: awk '{a+=$0}END{print a}'... (8 Replies)
Discussion started by: mario8eren
8 Replies

3. UNIX for Dummies Questions & Answers

Vulnerability Alerts

Aside from CERT, are there any additional sources for unix/linux vulnerabilities? (1 Reply)
Discussion started by: kmgrady01
1 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

html::template::compiled::utils

HTML::Template::Compiled::Utils(3pm)			User Contributed Perl Documentation		      HTML::Template::Compiled::Utils(3pm)

NAME

       HTML::Template::Compiled::Utils - Utility functions for HTML::Template::Compiled

SYNOPSIS

	# import log() and stack()
	use HTML::Template::Compiled::Utils qw(:log);

	# import the escapign functions
	use HTML::Template::Compiled::Utils qw(:escape);

DEBUGGING FUNCTIONS

   stack
	   $self->stack;

       For HTML::Template:Compiled developers, prints a stack trace to STDERR.

   md5
	md5($text)

       If Digest::MD5 is installed, returns the md5_base64 for $text, otherwise returns the empty string.

   log
	$self->log(@msg)

       For HTML::Template::Compiled developers, print log from @msg to STDERR.

ESCAPING FUNCTIONS

   escape_html
	 my $escaped_html = escape_html($raw_html);

       HTML-escapes the input string (only &, ", single quotes, "<" and ""> and returns it;

   escape_html_all
	 my $escaped_html = escape_html_all($raw_html);

       HTML-escapes the input string (with HTML::Entities) and returns it;

   escape_uri
	 my $escaped_uri = escape_uri($raw_uri);

       URI-escapes the input string and returns it;

   escape_js
	 my $escaped_js = escape_js($raw_js);

       JavaScript-escapes the input string and returns it;

   escape_ijson
	 my $escaped_js = escape_ijson($raw_js);

       JavaScript-escapes the input string except for the apostrophe and returns it, so it can be used within a JSON element.

perl v5.14.2							    2012-05-26				      HTML::Template::Compiled::Utils(3pm)