Vulnerability DatabaseCVE-2015-5667
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-5667
Published:October 31, 2015
Updated:May 17, 2026
Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.
Related Resources (8)
https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5667
http://jvn.jp/en/jp/JVN53973084/index.html
https://security-tracker.debian.org/tracker/CVE-2015-5667
https://metacpan.org/release/HTML-Scrubber
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172934.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000171
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172983.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172997.html
Do you need more information?
Contact Us
CVSS v3
Base Score:
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
2.6
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
EPSS
Base Score:
0.41