Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cpan | www_form | 1.12 |
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cpan | ui::dialog | 0.12 |
| cpan | ui::dialog | 0.13 |
| cpan | ui::dialog | 0.06 |
| cpan | ui::dialog | 0.11 |
| cpan | ui::dialog | 0.17 |
| cpan | ui::dialog | 1.00 |
| cpan | ui::dialog | 0.19 |
| cpan | ui::dialog | 1.01 |
| cpan | ui::dialog | 1.09 |
| cpan | ui::dialog | 0.14 |
| cpan | ui::dialog | 0.04 |
| cpan | ui::dialog | 0.10 |
| cpan | ui::dialog | 0.18 |
| cpan | ui::dialog | 0.09 |
| cpan | ui::dialog | 1.03 |
| cpan | ui::dialog | 0.02 |
| cpan | ui::dialog | 1.05 |
| cpan | ui::dialog | 0.21 |
| cpan | ui::dialog | 0.16 |
| cpan | ui::dialog | 1.07 |
| cpan | ui::dialog | 0.07 |
| cpan | ui::dialog | 1.06 |
| cpan | ui::dialog | 0.08 |
| cpan | ui::dialog | 0.20 |
| cpan | ui::dialog | 0.15 |
| cpan | ui::dialog | 0.03 |
| cpan | ui::dialog | 0.05 |
| cpan | ui::dialog | 1.08 |
| cpan | ui::dialog | 1.04 |
| cpan | ui::dialog | 0.01 |
| cpan | ui::dialog | 1.02 |
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cpan | file::temp | - |