Galileo 0.007 Deleted
Security Advisories
CVE-2019-7410
There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).
- https://metamorfosec.com/Files/Commits/METC-2020-002-Escape_banner_in_Galileo_CMS_v0.042.txt
- https://github.com/jberger/Galileo/pull/55/files
- https://metamorfosec.com/Files/Advisories/METS-2020-002-A_Stored_XSS_Vulnerability_in_Galileo_CMS_v0.042.txt
Fixed version: >=0.043
Severity: medium
Reported: 2020-08-14
Kwalitee Issues
- use_strict
Add 'use strict' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules are strictly written.
Error: Galileo::DB::Schema, Galileo::DB::Schema::Result::Menu, Galileo::DB::Schema::Result::Page, Galileo::DB::Schema::Result::User
- use_warnings
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: Galileo::DB::Schema, Galileo::DB::Schema::Result::Menu, Galileo::DB::Schema::Result::Page, Galileo::DB::Schema::Result::User
- has_separate_license_file
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
Galileo | A simple modern CMS built on Mojolicious | 0.007 | metacpan |
Galileo::Admin | | 0 | metacpan |
Galileo::Command::config | | 0 | metacpan |
Galileo::Command::setup | | 0 | metacpan |
Galileo::DB::Schema | | 0 | metacpan |
Galileo::DB::Schema::Result::Menu | | 0 | metacpan |
Galileo::DB::Schema::Result::Page | | 0 | metacpan |
Galileo::DB::Schema::Result::User | | 0 | metacpan |
Galileo::Edit | | 0 | metacpan |
Galileo::Page | | 0 | metacpan |
Galileo::User | | 0 | metacpan |