CVE-2018-25052 – Catalyst-Plugin-Session Session ID Session.pm _load_sessionid cross site scripting

https://notcve.org/view.php?id=CVE-2018-25052

A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.41 is able to address this issue. • https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4 https://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41 https://vuldb.com/?ctiid.216958 https://vuldb.com/?id.216958 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •