Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/phpmailer/phpmailer@5.2.24

Type composer

Namespace phpmailer

Name phpmailer

Version 5.2.24

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 5.2.27

Latest_non_vulnerable_version 6.5.0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1vfj-98ky-yffc

vulnerability_id VCID-1vfj-98ky-yffc

summary

XSS vulnerability in code example
The `code_generator.phps` example does not filter user input prior to output. This file is distributed with a `.phps` extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There's also an undisclosed potential XSS vulnerability in the default exception handler (unused by default).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-11503

reference_id

reference_type

scores

value	0.0294
scoring_system	epss
scoring_elements	0.86697
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-11503

reference_url

https://cxsecurity.com/issue/WLB-2017060181

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cxsecurity.com/issue/WLB-2017060181

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2017-11503.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2017-11503.yaml

reference_url	https://github.com/PHPMailer/PHPMailer/commit/dbbc1397c41de56aa3a57c8188d19a345dea5c63
reference_id
reference_type
scores
url	https://github.com/PHPMailer/PHPMailer/commit/dbbc1397c41de56aa3a57c8188d19a345dea5c63

reference_url

https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24

reference_url

https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-58mj-pw57-4vm2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-58mj-pw57-4vm2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-11503

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-11503

reference_url

https://packetstormsecurity.com/files/143138/phpmailer-xss.txt

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packetstormsecurity.com/files/143138/phpmailer-xss.txt

reference_url

http://www.securityfocus.com/bid/99293

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/99293

reference_url

http://www.securitytracker.com/id/1039026

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1039026

fixed_packages

url	pkg:composer/phpmailer/phpmailer@5.2.24
purl	pkg:composer/phpmailer/phpmailer@5.2.24
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.24

aliases CVE-2017-11503, GHSA-58mj-pw57-4vm2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vfj-98ky-yffc

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.24

Package Instance