The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.Referenceshttps://github.com/kazeburo/Kossy/pull/16https://metacpan.org/dist/Kossy/changes
