CVE-2018-25052

A vulnerability classified as problematic has been found in Catalyst-Plugin-Session up to 0.40. It affects the function _load_sessionid in the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. Manipulation of the argument sid leads to cross-site scripting. The attack can be initiated remotely. Upgrading to version 0.41 addresses this issue, and upgrading the affected component is recommended. The name of the patch is 88d1b599e1163761c9bd53bec53ba078f13e09d4. VDB-216958 is the identifier assigned to this vulnerability.
Cross-site Scripting
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 3.5 LOW | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
| VulDB | CNA | 3.5 LOW | | | | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
| CVE | ADP | --- | | | | --- |
EPSS Score: Percentile: 19%
| Vendor | Product | Version |
|---|---|---|
| catalyst-plugin-session_project | catalyst-plugin-session | 𝑥 < 0.41 |

𝑥 = Vulnerable software versions
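Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| libcatalyst-plugin-session-perl | bullseye | 0.41-1 | fixed |
| libcatalyst-plugin-session-perl | sid | 0.43-1 | fixed |
| libcatalyst-plugin-session-perl | trixie | 0.43-1 | fixed |
| libcatalyst-plugin-session-perl | bookworm | 0.43-1 | fixed |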
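Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| libcatalyst-plugin-session-perl | noble | not-affected |
| libcatalyst-plugin-session-perl | mantic | not-affected |
| libcatalyst-plugin-session-perl | lunar | not-affected |
| libcatalyst-plugin-session-perl | kinetic | not-affected |
| libcatalyst-plugin-session-perl | jammy | not-affected |
| libcatalyst-plugin-session-perl | focal | not-affected |
| libcatalyst-plugin-session-perl | bionic | needs-triage |
| libcatalyst-plugin-session-perl | xenial | not-affected |
| libcatalyst-plugin-session-perl | trusty | ignored |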