Jjn1056

#43842 of 53,633
6.1 Total CVSS
Vulnerabilities · 1
PT-2022-8062
6.1
2022-12-28
Unknown · Catalyst-Plugin-Session · CVE-2018-25052
**Name of the Vulnerable Software and Affected Versions**
Catalyst-Plugin-Session versions up to 0.40

**Description**
A vulnerability has been found in the function `_load_sessionid` of the file `lib/Catalyst/Plugin/Session.pm` of the component Session ID Handler. The manipulation of the argument `sid` leads to cross-site scripting. The attack can be initiated remotely.

**Recommendations**
For Catalyst-Plugin-Session versions up to 0.40, upgrade to version 0.41 to address this issue. As a temporary workaround, consider restricting the manipulation of the `sid` argument in the `_load_sessionid` function until the upgrade is applied.