Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/DotNetNuke.Core@9.1.1

Type nuget

Namespace

Name DotNetNuke.Core

Version 9.1.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 9.2.0.366

Latest_non_vulnerable_version 10.2.0

Affected_by_vulnerabilities

url VCID-ez48-21un-3fe7

vulnerability_id VCID-ez48-21un-3fe7

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DNN (formerly DotNetNuke) allows cross-site scripting (XSS) via XML.

references

reference_url	http://www.dnnsoftware.com/community/security/security-center
reference_id
reference_type
scores
url	http://www.dnnsoftware.com/community/security/security-center

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-14486
reference_id	CVE-2018-14486
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-14486

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.2.0

purl pkg:nuget/DotNetNuke.Core@9.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dnf9-9hrt-1qfx

vulnerability	VCID-jw1r-pvtw-d3bz

vulnerability	VCID-uk5d-ubkt-6fhn

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.0

aliases CVE-2018-14486

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ez48-21un-3fe7

Fixing_vulnerabilities

url VCID-f79t-dgkp-f3cy

vulnerability_id VCID-f79t-dgkp-f3cy

summary

Improper Input Validation
DNN (aka DotNetNuke) has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

references

reference_url	http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html

reference_url	http://www.dnnsoftware.com/community/security/security-center
reference_id
reference_type
scores
url	http://www.dnnsoftware.com/community/security/security-center

reference_url	http://www.securityfocus.com/bid/102213
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102213

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-9822
reference_id	CVE-2017-9822
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-9822

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.1.1

purl pkg:nuget/DotNetNuke.Core@9.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ez48-21un-3fe7

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.1.1

aliases CVE-2017-9822

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f79t-dgkp-f3cy

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.1.1

Package Instance