CVE-2018-25052 — LOW (3.5) — White Hats Nepal

Q: How severe is CVE-2018-25052?

CVE-2018-25052 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-25052?

Check the references section above for vendor advisories and patch information. Affected products include: Catalyst-Plugin-Session Project Catalyst-Plugin-Session.

Vulnerability Description

A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.41 is able to address this issue. The name of the patch is 88d1b599e1163761c9bd53bec53ba078f13e09d4. It is recommended to upgrade the affected component. VDB-216958 is the identifier assigned to this vulnerability.

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Catalyst-Plugin-Session Project	Catalyst-Plugin-Session	< 0.41

Related Weaknesses (CWE)

CWE-79

References

https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761PatchThird Party Advisory
https://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41Third Party Advisory
https://vuldb.com/?ctiid.216958Permissions RequiredThird Party Advisory
https://vuldb.com/?id.216958Permissions RequiredThird Party Advisory
https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761PatchThird Party Advisory
https://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41Third Party Advisory
https://vuldb.com/?ctiid.216958Permissions RequiredThird Party Advisory
https://vuldb.com/?id.216958Permissions RequiredThird Party Advisory

FAQ

What is CVE-2018-25052?

CVE-2018-25052 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm o...

How severe is CVE-2018-25052?

CVE-2018-25052 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-25052?

Check the references section above for vendor advisories and patch information. Affected products include: Catalyst-Plugin-Session Project Catalyst-Plugin-Session.