CVE-2021-47157
CRITICAL
Kossy < 0.60 - JSON Hijacking via X-Requested-With Header Mishandling
Title source: llm
Description
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.
References (2)
Core References
Various Sources
https://metacpan.org/dist/Kossy/changes
Issue Tracking
https://github.com/kazeburo/Kossy/pull/16
Scores
CVSS v3
9.8
EPSS
0.0041
EPSS Percentile
32.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-346
Status
published
Published
Mar 18, 2024
Tracked Since
Feb 18, 2026