Lookup for vulnerable packages by Package URL.

Purl pkg:composer/contao/comments-bundle@5.3.4
Type composer
Namespace contao
Name comments-bundle
Version 5.3.4
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 5.3.5
Latest_non_vulnerable_version 5.3.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4cjt-36te-bqep
vulnerability_id VCID-4cjt-36te-bqep
summary Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable BBCode for comments.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28234
reference_id
reference_type
scores
0
value 0.00701
scoring_system epss
scoring_elements 0.7257
published_at 2026-06-12T12:55:00Z
1
value 0.00701
scoring_system epss
scoring_elements 0.72492
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28234
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://github.com/contao/contao/commit/55b995d8d35da0d36bc6a22c53fe6423ab0c4ae2
reference_id 55b995d8d35da0d36bc6a22c53fe6423ab0c4ae2
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T20:01:41Z/
url https://github.com/contao/contao/commit/55b995d8d35da0d36bc6a22c53fe6423ab0c4ae2
3
reference_url https://github.com/contao/contao/commit/6d42e667177c972ae7c219645593c262d7764ce2
reference_id 6d42e667177c972ae7c219645593c262d7764ce2
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T20:01:41Z/
url https://github.com/contao/contao/commit/6d42e667177c972ae7c219645593c262d7764ce2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28234
reference_id CVE-2024-28234
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28234
5
reference_url https://github.com/advisories/GHSA-j55w-hjpj-825g
reference_id GHSA-j55w-hjpj-825g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j55w-hjpj-825g
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-j55w-hjpj-825g
reference_id GHSA-j55w-hjpj-825g
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T20:01:41Z/
url https://github.com/contao/contao/security/advisories/GHSA-j55w-hjpj-825g
7
reference_url https://contao.org/en/security-advisories/insufficient-bbcode-sanitization
reference_id insufficient-bbcode-sanitization
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T20:01:41Z/
url https://contao.org/en/security-advisories/insufficient-bbcode-sanitization
fixed_packages
0
url pkg:composer/contao/comments-bundle@4.13.40
purl pkg:composer/contao/comments-bundle@4.13.40
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/comments-bundle@4.13.40
1
url pkg:composer/contao/comments-bundle@4.13.41
purl pkg:composer/contao/comments-bundle@4.13.41
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/comments-bundle@4.13.41
2
url pkg:composer/contao/comments-bundle@5.3.4
purl pkg:composer/contao/comments-bundle@5.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/comments-bundle@5.3.4
3
url pkg:composer/contao/comments-bundle@5.3.5
purl pkg:composer/contao/comments-bundle@5.3.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/comments-bundle@5.3.5
aliases CVE-2024-28234, GHSA-j55w-hjpj-825g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cjt-36te-bqep
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/comments-bundle@5.3.4