/ 
Yukki-0.140290
River stage zero No dependents
/ Yukki::Web::Controller::Login
Security Advisories (3)
CVE-2016-4566 (2016-05-22)

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.

CVE-2010-5312 (2014-11-24)

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVE-2021-23562 (2021-12-03)

This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.

NAME

Yukki::Web::Controller::Login - shows the login page and handles login

VERSION

version 0.140290

DESCRIPTION

Shows the login page and handles login.

METHODS

fire

Routes page reqquests to "show_login_page", submit requests to "check_login_submission", and exit requests to "logout".

show_login_page

Calls "page" in Yukki::Web::View::Login to display the login page.

check_password

Checks that the user's password is valid.

check_login_submission

Authenticates a user login.

logout

Expires the session, causing logout.

AUTHOR

Andrew Sterling Hanenkamp <hanenkamp@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2014 by Qubling Software LLC.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.