Vulnerability Details : CVE-2018-25052
A vulnerability has been found in Catalyst-Plugin-Session up to version 0.40 and classified as problematic. It affects the function _load_sessionid in the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. Manipulation of the argument sid leads to cross-site scripting. The attack can be initiated remotely. Upgrading to version 0.41 addresses this issue; the fixing patch is commit 88d1b599e1163761c9bd53bec53ba078f13e09d4. It is recommended to upgrade the affected component. VDB-216958 is the identifier assigned to this vulnerability.
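The pattern behind this advisory, as an added illustration rather than code from Catalyst-Plugin-Session: a rejected session id is echoed into an error message, and the fix (per the patch title) is to HTML-encode it first. The session id format, the error wording and the helper names below are assumptions; it uses HTML::Entities from the HTML-Parser distribution.

```perl
#!/usr/bin/perl
# Added illustration of the CVE-2018-25052 pattern; not the project's own code.
# Assumption: a valid session id is a 40-character lowercase hex string, and a
# rejected id is reflected into an HTML error page, as the advisory describes.
use strict;
use warnings;
use HTML::Entities qw(encode_entities);

sub valid_session_id {
    my ($sid) = @_;
    return defined $sid && $sid =~ /\A[0-9a-f]{40}\z/;   # assumed id format
}

# Vulnerable form: the untrusted sid is interpolated verbatim, so any markup
# it carries is rendered as live HTML wherever the message is displayed.
sub error_message_unsafe {
    my ($sid) = @_;
    return "Tried to set invalid session ID '$sid'";      # assumed wording
}

# Hardened form, mirroring the 0.41 fix: encode HTML entities before the sid
# reaches output, so it is shown as text rather than interpreted as markup.
sub error_message_safe {
    my ($sid) = @_;
    return "Tried to set invalid session ID '" . encode_entities($sid) . "'";
}

# Hypothetical loader: accept a well-formed id, otherwise return a safe error.
sub load_sessionid {
    my ($sid) = @_;
    return (1, undef) if valid_session_id($sid);
    return (0, error_message_safe($sid));
}

# Constructed demo input: a "session id" containing markup instead of hex.
my $sid = q{<b>not a hex id</b>};
my ($ok, $err) = load_sessionid($sid);
print "accepted: $ok\n";
print "unsafe:   ", error_message_unsafe($sid), "\n";   # markup passes through
print "safe:     $err\n";                                # &lt;b&gt;not a hex id&lt;/b&gt;
```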
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2018-25052
- cpe:2.3:a:catalyst-plugin-session_project:catalyst-plugin-session:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-25052
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~36% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2018-25052
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
3.5 | LOW | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | 2.1 | 1.4 | VulDB | 
3.5 | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | 2.1 | 1.4 | VulDB | 2024-02-29
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | 
CWE ids for CVE-2018-25052
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: cna@vuldb.com (Primary)
References for CVE-2018-25052
- https://vuldb.com/?ctiid.216958 : CVE-2018-25052 | Catalyst-Plugin-Session Session ID Session.pm _load_sessionid cross site scripting (Permissions Required; Third Party Advisory)
- https://vuldb.com/?id.216958 : CVE-2018-25052 | Catalyst-Plugin-Session Session ID Session.pm _load_sessionid cross site scripting (Permissions Required; Third Party Advisory)
- https://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41 : Release 0.41 · perl-catalyst/Catalyst-Plugin-Session · GitHub (Third Party Advisory)
- https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4 : Session: encode HTML entities in error · perl-catalyst/Catalyst-Plugin-Session@88d1b59 · GitHub (Patch; Third Party Advisory)