Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/phpmailer/phpmailer@6.0.0-rc5

Type composer

Namespace phpmailer

Name phpmailer

Version 6.0.0-rc5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.0.6

Latest_non_vulnerable_version 6.0.6

Affected_by_vulnerabilities

url VCID-1vfj-98ky-yffc

vulnerability_id VCID-1vfj-98ky-yffc

summary

XSS vulnerability in code example
The `code_generator.phps` example does not filter user input prior to output. This file is distributed with a `.phps` extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There's also an undisclosed potential XSS vulnerability in the default exception handler (unused by default).

references

reference_url	https://github.com/PHPMailer/PHPMailer/commit/dbbc1397c41de56aa3a57c8188d19a345dea5c63
reference_id
reference_type
scores
url	https://github.com/PHPMailer/PHPMailer/commit/dbbc1397c41de56aa3a57c8188d19a345dea5c63

reference_url	https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24
reference_id
reference_type
scores
url	https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24

fixed_packages

aliases CVE-2017-11503

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vfj-98ky-yffc

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@6.0.0-rc5

Package Instance