Security Advisories (1)
CVE-2019-7410 (2020-08-14)

There is stored cross-site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).

Changes for version 0.013

  • User-side DBIC::DH work happens in temporary directories
    • Fixes permission errors when using as non-root
  • Improve test that seems to fail on win/mac
  • Output load error message if Galileo::DB::Schema fails to load

Documentation

Modules

A simple modern CMS built on Mojolicious

Provides

in lib/Galileo/Admin.pm
in lib/Galileo/Command/config.pm
in lib/Galileo/Command/setup.pm
in lib/Galileo/DB/Deploy.pm
in lib/Galileo/DB/Schema.pm
in lib/Galileo/DB/Schema/Result/Menu.pm
in lib/Galileo/DB/Schema/Result/Page.pm
in lib/Galileo/DB/Schema/Result/User.pm
in lib/Galileo/Edit.pm
in lib/Galileo/Page.pm
in lib/Galileo/User.pm