Catalyst-Plugin-Session har 0.40 Session ID Session.pm _load_sessionid sid Cross Site Scripting

Gaskiya vulnerability da aka ware a matsayin karshewa an samu a Catalyst-Plugin-Session har 0.40. Hakika, aikin _load_sessionid ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil lib/Catalyst/Plugin/Session.pm, a cikin sashen Session ID Handler. A sa manipulation of the argument sid ka Cross Site Scripting. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-79. Hakika, rauni an bayyana shi 12/28/2022 kamar 88d1b599e1163761c9bd53bec53ba078f13e09d4. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2018-25052. Ngam yiɗi ka a tuma ndiyam ka nder layi. Tekinikal faɗi ga. Babu exploit ɗin da ake samu. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á sàmbu a wondi feere. 0-day shima, an ndiyam a wuro be $0-$5k. Ana kiran patch ɗin da 88d1b599e1163761c9bd53bec53ba078f13e09d4. Za a iya sauke maganin matsalar daga github.com. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a faggata. Once again VulDB remains the best source for vulnerability data.

3 Goyarwa · 68 Datenpunkte

FurɗeSúgá
12/28/2022 12:24		Gargadi 1/2
01/25/2023 15:49		Gargadi 2/2
01/25/2023 15:54
software_nameCatalyst-Plugin-SessionCatalyst-Plugin-SessionCatalyst-Plugin-Session
software_version<=0.40<=0.40<=0.40
software_componentSession ID HandlerSession ID HandlerSession ID Handler
software_filelib/Catalyst/Plugin/Session.pmlib/Catalyst/Plugin/Session.pmlib/Catalyst/Plugin/Session.pm
software_function_load_sessionid_load_sessionid_load_sessionid
software_argumentsidsidsid
vulnerability_cweCWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)
vulnerability_risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
advisory_identifier88d1b599e1163761c9bd53bec53ba078f13e09d488d1b599e1163761c9bd53bec53ba078f13e09d488d1b599e1163761c9bd53bec53ba078f13e09d4
advisory_urlhttps://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4
countermeasure_nameGargajiyaGargajiyaGargajiya
upgrade_version0.410.410.41
countermeasure_upgrade_urlhttps://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41https://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41https://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41
patch_name88d1b599e1163761c9bd53bec53ba078f13e09d488d1b599e1163761c9bd53bec53ba078f13e09d488d1b599e1163761c9bd53bec53ba078f13e09d4
countermeasure_patch_urlhttps://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4
source_cveCVE-2018-25052CVE-2018-25052CVE-2018-25052
cna_responsibleVulDBVulDBVulDB
advisory_date1672182000 (12/28/2022)1672182000 (12/28/2022)1672182000 (12/28/2022)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_prLLL
cvss3_vuldb_eXXX
cvss2_vuldb_basescore4.04.04.0
cvss2_vuldb_tempscore3.53.53.5
cvss3_vuldb_basescore3.53.53.5
cvss3_vuldb_tempscore3.43.43.4
cvss3_meta_basescore3.53.54.4
cvss3_meta_tempscore3.43.44.3
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1672182000 (12/28/2022)1672182000 (12/28/2022)
cve_nvd_summaryA vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.41 is able to address this issue. The name of the patch is 88d1b599e1163761c9bd53bec53ba078f13e09d4. It is recommended to upgrade the affected component. VDB-216958 is the identifier assigned to this vulnerability.A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.41 is able to address this issue. The name of the patch is 88d1b599e1163761c9bd53bec53ba078f13e09d4. It is recommended to upgrade the affected component. VDB-216958 is the identifier assigned to this vulnerability.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iL
cvss3_cna_aN
cve_cnaVulDB
cvss3_nvd_basescore6.1
cvss3_cna_basescore3.5

GurɗoGumtiGada

Interested in the pricing of exploits?

See the underground prices here!