3 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.41 is able to address this issue. • https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4 https://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41 https://vuldb.com/?ctiid.216958 https://vuldb.com/?id.216958 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters. Se ha detectado que Catalyst IT Ltd Mahara CMS versión v19.10.2, contiene múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el componente groupfiles.php por medio de los parámetros Number (Nombre) y Description (Descripción) • https://www.vulnerability-lab.com/get_content.php?id=2217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character. El módulo Catalyst-Plugin-Static-Simple en versiones anteriores a la 0.34 para Perl permite que atacantes remotos lean archivos arbitrarios si hay un caracter "." en cualquier parte del nombre de ruta, lo que difiere de la política prevista que solo permite el acceso cuando el nombre de archivo en sí contiene un caracter ".". • https://bugs.debian.org/880458 https://metacpan.org/changes/distribution/Catalyst-Plugin-Static-Simple https://rt.cpan.org/Public/Bug/Display.html?id=120558 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •