Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/ezsystems/ezpublish-kernel@7.3.3

Type composer

Namespace ezsystems

Name ezpublish-kernel

Version 7.3.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.5.31

Latest_non_vulnerable_version 8.0.0-beta1

Affected_by_vulnerabilities

url VCID-n9ba-bdr7-vkfg

vulnerability_id VCID-n9ba-bdr7-vkfg

summary

Cross-site scripting in eZ Platform Kernel
In file upload it is possible by certain means to upload files like .html and .js. These may contain XSS exploits which will be run when links to them are accessed by victims.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-46875

reference_id

reference_type

scores

value	0.00542
scoring_system	epss
scoring_elements	0.6805
published_at	2026-06-04T12:55:00Z

value	0.00542
scoring_system	epss
scoring_elements	0.68089
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-46875

reference_url

https://github.com/ezsystems/ezpublish-kernel

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-kernel

reference_url

https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T21:15:05Z/

url

https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b

reference_url

https://packagist.org/packages/ezsystems/ezplatform-kernel#v1.2.5.1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/ezsystems/ezplatform-kernel#v1.2.5.1

reference_url

https://packagist.org/packages/ezsystems/ezpublish-kernel#v7.5.15.2

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/ezsystems/ezpublish-kernel#v7.5.15.2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-46875

reference_id

CVE-2021-46875

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-46875

reference_url	https://github.com/advisories/GHSA-mrvj-7q4f-5p42
reference_id	GHSA-mrvj-7q4f-5p42
reference_type
scores
url	https://github.com/advisories/GHSA-mrvj-7q4f-5p42

reference_url

https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42

reference_id

GHSA-mrvj-7q4f-5p42

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T21:15:05Z/

url

https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42

fixed_packages

url	pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2
purl	pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15%252B2

url pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2

purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1eex-e332-37e8

vulnerability	VCID-3pbx-gwd6-jyfs

vulnerability	VCID-86hr-ej2a-ubbw

vulnerability	VCID-hhfp-81fr-zkhn

vulnerability	VCID-jz3f-vywm-v7a7

vulnerability	VCID-q58t-76x6-mqgp

vulnerability	VCID-tw5w-dvc4-gfh4

vulnerability	VCID-ueng-9gm9-4qb2

vulnerability	VCID-veax-u5rr-4kbv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2

aliases CVE-2021-46875, GHSA-mrvj-7q4f-5p42, GMS-2021-111, GMS-2021-47

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9ba-bdr7-vkfg

url VCID-ukn1-91je-x7hw

vulnerability_id VCID-ukn1-91je-x7hw

summary

Unrestricted Upload of File with Dangerous Type
eZ Publish Legacy allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only `app.php` execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10806

reference_id

reference_type

scores

value	0.02833
scoring_system	epss
scoring_elements	0.86454
published_at	2026-06-04T12:55:00Z

value	0.02833
scoring_system	epss
scoring_elements	0.86477
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10806

reference_url

https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10806

reference_id

CVE-2020-10806

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10806

fixed_packages

url	pkg:composer/ezsystems/ezpublish-kernel@7.5.6%2B2
purl	pkg:composer/ezsystems/ezpublish-kernel@7.5.6%2B2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.6%252B2

url pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2

purl pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1eex-e332-37e8

vulnerability	VCID-3pbx-gwd6-jyfs

vulnerability	VCID-7k4g-s55n-zba3

vulnerability	VCID-86hr-ej2a-ubbw

vulnerability	VCID-8cdb-zjbz-1kdv

vulnerability	VCID-hhfp-81fr-zkhn

vulnerability	VCID-jz3f-vywm-v7a7

vulnerability	VCID-m6hv-1sz4-mfff

vulnerability	VCID-n9ba-bdr7-vkfg

vulnerability	VCID-q58t-76x6-mqgp

vulnerability	VCID-tw5w-dvc4-gfh4

vulnerability	VCID-ueng-9gm9-4qb2

vulnerability	VCID-veax-u5rr-4kbv

vulnerability	VCID-vpbp-kn99-hygk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2

aliases CVE-2020-10806, GHSA-54p5-gxq6-j98g

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ukn1-91je-x7hw

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.3.3

Package Instance