Lookup for vulnerable packages by Package URL.

Purl pkg:composer/contao/core@3.2.0
Type composer
Namespace contao
Name core
Version 3.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-5639-8xt3-8ugc
vulnerability_id VCID-5639-8xt3-8ugc
summary
Improper Input Validation
Insufficient input validation allows for code injection and remote execution.
references
0
reference_url https://contao.org/en/news/new-security-hole-found-in-contao.html
reference_id
reference_type
scores
url https://contao.org/en/news/new-security-hole-found-in-contao.html
fixed_packages
0
url pkg:composer/contao/core@3.2.9
purl pkg:composer/contao/core@3.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-crsc-bhc9-y3f9
4
vulnerability VCID-ejwd-wgb2-47e2
5
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.9
1
url pkg:composer/contao/core@3.2.11
purl pkg:composer/contao/core@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-crsc-bhc9-y3f9
4
vulnerability VCID-ejwd-wgb2-47e2
5
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.11
aliases GMS-2014-36
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5639-8xt3-8ugc
1
url VCID-5kwa-7kx3-kfga
vulnerability_id VCID-5kwa-7kx3-kfga
summary
Weak Password Recovery Mechanism for Forgotten Password
Contao has a Weak Password Recovery Mechanism for a Forgotten Password.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10641
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.50287
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10641
1
reference_url https://contao.org/en/news/security-vulnerability-cve-2019-10641.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/security-vulnerability-cve-2019-10641.html
2
reference_url https://github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe
3
reference_url https://github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8
4
reference_url https://github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10641
reference_id CVE-2019-10641
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10641
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml
reference_id CVE-2019-10641.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml
reference_id CVE-2019-10641.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml
reference_id CVE-2019-10641.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml
9
reference_url https://github.com/advisories/GHSA-vcgg-hp4r-87gx
reference_id GHSA-vcgg-hp4r-87gx
reference_type
scores
url https://github.com/advisories/GHSA-vcgg-hp4r-87gx
fixed_packages
0
url pkg:composer/contao/core@3.5.39
purl pkg:composer/contao/core@3.5.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6um8-6hqz-uybm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.39
aliases CVE-2019-10641, GHSA-vcgg-hp4r-87gx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kwa-7kx3-kfga
2
url VCID-6bch-mqbz-bqfs
vulnerability_id VCID-6bch-mqbz-bqfs
summary
XSS vulnerability in the newsletter extension
The vulnerability is in the "unsubscribe" module of the newsletter extension and can easily be exploited by anyone in the front end. If you are not using the newsletter extension or the "unsubscribe" module, your installation is not affected by the vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-5478
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.2291
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-5478
1
reference_url https://contao.org/en/news/contao-3_5_32.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_5_32.html
2
reference_url https://github.com/contao/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core
3
reference_url https://github.com/contao/core/commit/3123d6527ae6c46087b0ad8061eb8651cb645b8d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/3123d6527ae6c46087b0ad8061eb8651cb645b8d
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-5478
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-5478
6
reference_url https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397
fixed_packages
0
url pkg:composer/contao/core@3.5.32
purl pkg:composer/contao/core@3.5.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6um8-6hqz-uybm
2
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.32
aliases CVE-2018-5478, GHSA-mpg7-2rx9-h5qp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6bch-mqbz-bqfs
3
url VCID-6um8-6hqz-uybm
vulnerability_id VCID-6um8-6hqz-uybm
summary
SQL injection vulnerability
Both the search filter in the back end and the "listing" module in the front end are vulnerable to SQL injection. To exploit the vulnerability in the back end, a back end user has to be logged in, whereas the front end vulnerability can be exploited by anyone.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16558
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52475
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16558
2
reference_url https://contao.org/de/changelog/versions/4.4.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://contao.org/de/changelog/versions/4.4.html
3
reference_url https://contao.org/en/news/contao-4_4_8.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-4_4_8.html
4
reference_url https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15
5
reference_url https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e
6
reference_url https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544
7
reference_url https://github.com/contao/core-bundle/commit/92598f97b513e0b831dbfd68d471c44c79c425a4
reference_id
reference_type
scores
url https://github.com/contao/core-bundle/commit/92598f97b513e0b831dbfd68d471c44c79c425a4
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16558
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16558
fixed_packages
aliases CVE-2017-16558, GHSA-w38g-hj45-mjjp
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6um8-6hqz-uybm
4
url VCID-crsc-bhc9-y3f9
vulnerability_id VCID-crsc-bhc9-y3f9
summary
PHP file inclusion vulnerability in the back end
A logged-in back end user can include arbitrary PHP files by manipulating a URL parameter. Since Contao does not allow PHP files to be uploaded in the file manager, the attack is limited to the existing PHP files on the server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10993
reference_id
reference_type
scores
0
value 0.00825
scoring_system epss
scoring_elements 0.74825
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10993
1
reference_url https://contao.org/en/news/contao-3_5_28.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_5_28.html
2
reference_url https://contao.org/en/news/contao-4_4_1.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-4_4_1.html
3
reference_url https://github.com/contao/core-bundle/commit/2a85914f4ba858780ffbac38a468acb7028772c7
reference_id
reference_type
scores
url https://github.com/contao/core-bundle/commit/2a85914f4ba858780ffbac38a468acb7028772c7
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10993
reference_id CVE-2017-10993
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-10993
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-10993.yaml
reference_id CVE-2017-10993.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-10993.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-10993.yaml
reference_id CVE-2017-10993.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-10993.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2017-10993.yaml
reference_id CVE-2017-10993.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2017-10993.yaml
8
reference_url https://github.com/advisories/GHSA-x5g4-crxq-qxjx
reference_id GHSA-x5g4-crxq-qxjx
reference_type
scores
url https://github.com/advisories/GHSA-x5g4-crxq-qxjx
fixed_packages
0
url pkg:composer/contao/core@3.5.28
purl pkg:composer/contao/core@3.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.28
aliases CVE-2017-10993, GHSA-x5g4-crxq-qxjx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-crsc-bhc9-y3f9
5
url VCID-ejwd-wgb2-47e2
vulnerability_id VCID-ejwd-wgb2-47e2
summary
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in `flash/FlashMediaElement.as` in `MediaElement.js` allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the `jsinitfunction` parameter, as demonstrated by `jsinitfunctio%gn`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4567
reference_id
reference_type
scores
0
value 0.04155
scoring_system epss
scoring_elements 0.88864
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4567
1
reference_url https://codex.wordpress.org/Version_4.5.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://codex.wordpress.org/Version_4.5.2
2
reference_url https://contao.org/en/news/contao-3_5_15.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_5_15.html
3
reference_url https://core.trac.wordpress.org/changeset/37371
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://core.trac.wordpress.org/changeset/37371
4
reference_url https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c
5
reference_url https://github.com/johndyer/mediaelement/blob/master/changelog.md
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/johndyer/mediaelement/blob/master/changelog.md
6
reference_url https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e
7
reference_url https://github.com/mediaelement/mediaelement/blob/b992ccf5f0c04a207d98bbb0868420751a61ec90/changelog.md?plain=1#L1024
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mediaelement/mediaelement/blob/b992ccf5f0c04a207d98bbb0868420751a61ec90/changelog.md?plain=1#L1024
8
reference_url https://github.com/mediaelement/mediaelement/blob/master/changelog.md
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mediaelement/mediaelement/blob/master/changelog.md
9
reference_url https://github.com/mediaelement/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mediaelement/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e
10
reference_url https://web.archive.org/web/20170205142412/http://www.securitytracker.com/id/1035818
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170205142412/http://www.securitytracker.com/id/1035818
11
reference_url https://wordpress.org/news/2016/05/wordpress-4-5-2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wordpress.org/news/2016/05/wordpress-4-5-2
12
reference_url https://wpvulndb.com/vulnerabilities/8488
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wpvulndb.com/vulnerabilities/8488
13
reference_url http://www.openwall.com/lists/oss-security/2016/05/07/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/05/07/2
14
reference_url http://www.securitytracker.com/id/1035818
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1035818
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823649
reference_id 823649
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823649
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4567
reference_id CVE-2016-4567
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4567
17
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao-components/mediaelement/CVE-2016-4567.yaml
reference_id CVE-2016-4567.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao-components/mediaelement/CVE-2016-4567.yaml
18
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2016-4567.yaml
reference_id CVE-2016-4567.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2016-4567.yaml
19
reference_url https://github.com/advisories/GHSA-277w-qpxr-2549
reference_id GHSA-277w-qpxr-2549
reference_type
scores
url https://github.com/advisories/GHSA-277w-qpxr-2549
fixed_packages
0
url pkg:composer/contao/core@3.5.15
purl pkg:composer/contao/core@3.5.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-crsc-bhc9-y3f9
4
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.15
aliases CVE-2016-4567, GHSA-277w-qpxr-2549
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ejwd-wgb2-47e2
6
url VCID-epmj-qf23-xffd
vulnerability_id VCID-epmj-qf23-xffd
summary
XSS in system log of back end
There's a Cross-Site Scripting (XSS) vulnerability in the system log of the back end. With a manipulated request, an attacker can implant a script which is executed when a logged-in back end user opens the system log. The attacker does not have to be logged in.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10125
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56045
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10125
1
reference_url https://contao.org/en/news/contao-3_5_35.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_5_35.html
2
reference_url https://contao.org/en/news/contao-4_4_18.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-4_4_18.html
3
reference_url https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10125
reference_id CVE-2018-10125
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-10125
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2018-10125.yaml
reference_id CVE-2018-10125.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2018-10125.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2018-10125.yaml
reference_id CVE-2018-10125.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2018-10125.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-10125.yaml
reference_id CVE-2018-10125.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-10125.yaml
8
reference_url https://github.com/advisories/GHSA-pj4j-287j-f742
reference_id GHSA-pj4j-287j-f742
reference_type
scores
url https://github.com/advisories/GHSA-pj4j-287j-f742
fixed_packages
0
url pkg:composer/contao/core@3.5.35
purl pkg:composer/contao/core@3.5.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6um8-6hqz-uybm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.35
aliases CVE-2018-10125, GHSA-pj4j-287j-f742
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epmj-qf23-xffd
7
url VCID-u721-yafq-bkc7
vulnerability_id VCID-u721-yafq-bkc7
summary
Code Injection
PHP object injection vulnerability allows for arbitrary code execution.
references
0
reference_url https://contao.org/en/news/major-security-hole-found-in-contao.html
reference_id
reference_type
scores
url https://contao.org/en/news/major-security-hole-found-in-contao.html
fixed_packages
0
url pkg:composer/contao/core@3.2.7
purl pkg:composer/contao/core@3.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5639-8xt3-8ugc
1
vulnerability VCID-5kwa-7kx3-kfga
2
vulnerability VCID-6bch-mqbz-bqfs
3
vulnerability VCID-6um8-6hqz-uybm
4
vulnerability VCID-crsc-bhc9-y3f9
5
vulnerability VCID-ejwd-wgb2-47e2
6
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.7
aliases GMS-2014-35
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u721-yafq-bkc7
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.0