MidnightBSD

Advisories for cpan

CVE-2004-2332 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cpan www_form 1.12
CVE-2008-7315 HIGH

UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
cpan ui::dialog 0.12
cpan ui::dialog 0.13
cpan ui::dialog 0.06
cpan ui::dialog 0.11
cpan ui::dialog 0.17
cpan ui::dialog 1.00
cpan ui::dialog 0.19
cpan ui::dialog 1.01
cpan ui::dialog 1.09
cpan ui::dialog 0.14
cpan ui::dialog 0.04
cpan ui::dialog 0.10
cpan ui::dialog 0.18
cpan ui::dialog 0.09
cpan ui::dialog 1.03
cpan ui::dialog 0.02
cpan ui::dialog 1.05
cpan ui::dialog 0.21
cpan ui::dialog 0.16
cpan ui::dialog 1.07
cpan ui::dialog 0.07
cpan ui::dialog 1.06
cpan ui::dialog 0.08
cpan ui::dialog 0.20
cpan ui::dialog 0.15
cpan ui::dialog 0.03
cpan ui::dialog 0.05
cpan ui::dialog 1.08
cpan ui::dialog 1.04
cpan ui::dialog 0.01
cpan ui::dialog 1.02
CVE-2011-4116 LOW

_is_safe in the File::Temp module for Perl does not properly handle symlinks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
cpan file::temp -