CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-25052 – Catalyst-Plugin-Session Session ID Session.pm _load_sessionid cross site scripting
https://notcve.org/view.php?id=CVE-2018-25052
28 Dec 2022 — A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.41 is able to address this issue. • https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23052
https://notcve.org/view.php?id=CVE-2020-23052
22 Oct 2021 — Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters. Se ha detectado que Catalyst IT Ltd Mahara CMS versión v19.10.2, contiene múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el componente groupfiles.php por medio de los parámetros Number (Nombre) y Description (Descripción) • https://www.vulnerability-lab.com/get_content.php?id=2217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16248
https://notcve.org/view.php?id=CVE-2017-16248
01 Nov 2017 — The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character. El módulo Catalyst-Plugin-Static-Simple en versiones anteriores a la 0.34 para Perl permite que atacantes remotos lean archivos arbitrarios si hay un caracter "." en cualquier parte del nombre de ruta, lo que difiere de la política previst... • https://bugs.debian.org/880458 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •