Metamorfosec Commits
METC-2020-002
Escape banner in Galileo CMS v0.042

FIRST PUBLISHED: Aug 12, 2020
VERSION: 1.0
PRODUCT: Galileo CMS (https://github.com/jberger/Galileo)
AFFECTED VERSION: 0.042
LANGUAGE: Perl

PRODUCT DESCRIPTION: (based on https://metacpan.org/pod/Galileo)
Galileo is a Perl CMS (built on Mojolicious) with some unusual features. It uses client-side markdown rendering and websockets for saving page data without reloading.

FINDING:
The banner in show.html.ep was previously not escaped, which may lead to stored XSS.

FIX:
The XML escaping built into Mojolicious .ep templates is used, i.e. the <%= Perl expression %> tag.

[-] % content_for banner => $page_title;
[+] % content_for banner => <%= $page_title %>;

REVISION HISTORY:
Aug 12, 2020 - First release

REFERENCES:
1. https://github.com/jberger/Galileo/pull/55/files
2. https://metamorfosec.com/Files/Advisories/METS-2020-002-A_Stored_XSS_Vulnerability_in_Galileo_CMS_v0.042.txt

DISCLAIMER:
The information provided in this document is provided "as is" and without warranty of any kind. Details of this document may be updated in order to provide as accurate information as possible. The latest version of this document is available on our website.
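Review bot: the [+] line mixes a "%" Perl-code line with a "<%= ... %>" tag. In an .ep template everything after a leading "%" is plain Perl, so "<%= $page_title %>" in that position is a Perl syntax error rather than an escaped expression, and the banner would not be rendered at all. To get the auto-escaping that "<%= %>" provides, the banner has to be written with the block form of content_for, e.g. "% content_for banner => begin" / "<%= $page_title %>" / "% end", or the value has to be escaped in Perl (Mojo::Util's xml_escape) before it is stored. Worth confirming against the referenced pull request #55 that the line shown here matches what was actually merged.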
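The following is an added example, not code from Galileo or from the advisory, that shows the two behaviours the FIX section relies on: a banner slot filled with a raw string reaches the layout unescaped, while a banner filled through the block form of content_for is passed through the <%= %> tag and XML-escaped. The route names, template names and the page title value are constructed for this demonstration; the block form of content_for is an assumption about how the fix is expressed, chosen so that <%= %> is interpreted as a template tag rather than as Perl code.

```perl
#!/usr/bin/env perl
# Added example (not Galileo's code). Demonstrates Mojolicious .ep escaping
# for a page title rendered into a banner slot, modelled on the
# show.html.ep / content_for pattern described in the advisory.
use strict;
use warnings;
use Mojolicious::Lite;
use Test::More;
use Test::Mojo;

# Constructed title containing markup, used only to observe escaping.
my $title = '<script>alert(1)</script>';

# Vulnerable variant: the raw string is appended to the "banner" buffer and the
# layout emits that buffer as a Mojo::ByteStream, which <%= %> never escapes.
get '/unsafe' => sub {
  my $c = shift;
  $c->stash(page_title => $title);
  $c->render(template => 'show_unsafe', layout => 'banner');
};

# Fixed variant: the title is rendered inside a begin/end block through the
# <%= %> tag, so it is XML-escaped before it ever reaches the banner buffer.
get '/safe' => sub {
  my $c = shift;
  $c->stash(page_title => $title);
  $c->render(template => 'show_safe', layout => 'banner');
};

# Test::Mojo drives the app in-process; no server or network is needed.
my $t = Test::Mojo->new(app);

$t->get_ok('/unsafe')->status_is(200)
  ->content_like(qr{<script>alert\(1\)</script>}, 'raw title reaches the page');

$t->get_ok('/safe')->status_is(200)
  ->content_unlike(qr{<script>}, 'no raw script tag in the fixed page')
  ->content_like(qr{&lt;script&gt;alert\(1\)&lt;/script&gt;}, 'title is XML-escaped');

done_testing;

__DATA__

@@ layouts/banner.html.ep
<!DOCTYPE html>
<html><body>
<div class="banner"><%= content 'banner' %></div>
<%= content %>
</body></html>

@@ show_unsafe.html.ep
% content_for banner => $page_title;
<p>page body</p>

@@ show_safe.html.ep
% content_for banner => begin
  <%= $page_title %>
% end
<p>page body</p>
```

Run it with "perl escape_demo.pl" (the file name is arbitrary); both routes render, and the assertions document that the content helper returns a Mojo::ByteStream, which is why escaping has to happen at the point where the title is placed into the buffer rather than in the layout.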