tags in string literals when producing JSON.","datePublished":"2017-09-06T21:00:00+00:00","dateModified":"2024-08-06T05:39:31.412000+00:00","inLanguage":"en","author":{"@type":"Organization","name":"Vexday"},"publisher":{"@type":"Organization","name":"Vexday","url":"https://vexday.io"},"mainEntityOfPage":"https://vexday.io/en/cve/CVE-2015-3161","keywords":"CVE-2015-3161","breadcrumb":{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://vexday.io/en"},{"@type":"ListItem","position":2,"name":"CVE-2015-3161"}]}}← back

CVE-2015-3161

CVE-2015-3161

EPSS 0.8%

The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON.

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.htmlhttps://bugzilla.redhat.com/attachment.cgi?id=1020004https://bugzilla.redhat.com/show_bug.cgi?id=1215024http://www.openwall.com/lists/oss-security/2015/05/08/1http://www.securityfocus.com/bid/74574