CVE-2018-25052

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-25052
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25052.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-25052
Downstream
Published
2022-12-28T12:15:08.607Z
Modified
2026-03-14T09:29:19.159998Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function loadsessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.41 is able to address this issue. The name of the patch is 88d1b599e1163761c9bd53bec53ba078f13e09d4. It is recommended to upgrade the affected component. VDB-216958 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/perl-catalyst/catalyst-plugin-session

Affected ranges

Type
GIT
Repo
https://github.com/perl-catalyst/catalyst-plugin-session
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d4e3f644985ba3164db36980df32a5a1d530c6f5
Fixed
88d1b599e1163761c9bd53bec53ba078f13e09d4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.41"
        }
    ]
}

Affected versions

0.*
0.35
0.36
0.40
v0.*
v0.01
v0.02
v0.03
v0.04
v0.05
v0.06
v0.09
v0.11
v0.12
v0.13
v0.15
v0.16
v0.17
v0.18
v0.19
v0.19_01
v0.20
v0.21
v0.22
v0.23
v0.24
v0.25
v0.26
v0.26_01
v0.27
v0.28
v0.29
v0.30
v0.31
v0.32
v0.34

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25052.json"