Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/genix/cms@1.1.5
Typecomposer
Namespacegenix
Namecms
Version1.1.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.1.6
Latest_non_vulnerable_version1.1.6
Affected_by_vulnerabilities
0
url VCID-115p-cvgk-1fcm
vulnerability_id VCID-115p-cvgk-1fcm
summary 
Cross-site Scripting
GeniXCMS has an XSS via the `from`, `id`, `lang`, `menuid`, `mod`, `q`, `status`, `term`, `to`, or `token` parameters.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17431
reference_id CVE-2017-17431
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-17431
fixed_packages
0
url pkg:composer/genix/cms@1.1.6
purl pkg:composer/genix/cms@1.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/genix/cms@1.1.6
aliases CVE-2017-17431
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-115p-cvgk-1fcm
Fixing_vulnerabilities
0
url VCID-a31b-8m5f-8uhf
vulnerability_id VCID-a31b-8m5f-8uhf
summary 
Cross-site Scripting
GeniXCMS in `/inc/lib/Control/Backend/menus.control.php` has an XSS via the `id` parameter.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14762
reference_id CVE-2017-14762
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-14762
fixed_packages
0
url pkg:composer/genix/cms@1.1.5
purl pkg:composer/genix/cms@1.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-115p-cvgk-1fcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/genix/cms@1.1.5
aliases CVE-2017-14762
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a31b-8m5f-8uhf
1
url VCID-d6b5-5jtr-xbg9
vulnerability_id VCID-d6b5-5jtr-xbg9
summary 
Code Injection
Authenticated users can execute arbitrary PHP code via a `.php` file in a ZIP archive of a theme.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14763
reference_id CVE-2017-14763
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-14763
fixed_packages
0
url pkg:composer/genix/cms@1.1.5
purl pkg:composer/genix/cms@1.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-115p-cvgk-1fcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/genix/cms@1.1.5
aliases CVE-2017-14763
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6b5-5jtr-xbg9
2
url VCID-egzj-24sa-ryen
vulnerability_id VCID-egzj-24sa-ryen
summary 
Code Injection
In the Upload Modules page, remote authenticated users can execute arbitrary PHP code via a `.php` file in a ZIP archive of a module.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14764
reference_id CVE-2017-14764
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-14764
fixed_packages
0
url pkg:composer/genix/cms@1.1.5
purl pkg:composer/genix/cms@1.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-115p-cvgk-1fcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/genix/cms@1.1.5
aliases CVE-2017-14764
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egzj-24sa-ryen
3
url VCID-kh1w-jbky-6udy
vulnerability_id VCID-kh1w-jbky-6udy
summary 
Cross-site Scripting
In GeniXCMS in `/inc/lib/backend/menus.control.php` has an XSS via the `id` parameter.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14761
reference_id CVE-2017-14761
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-14761
fixed_packages
0
url pkg:composer/genix/cms@1.1.5
purl pkg:composer/genix/cms@1.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-115p-cvgk-1fcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/genix/cms@1.1.5
aliases CVE-2017-14761
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kh1w-jbky-6udy
4
url VCID-y3ud-dqh6-m3dm
vulnerability_id VCID-y3ud-dqh6-m3dm
summary 
Cross-site Scripting
GeniXCMS, in `gxadmin/index.php` has an XSS via the Menu `ID` field in a `page=menus` request.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14765
reference_id CVE-2017-14765
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-14765
fixed_packages
0
url pkg:composer/genix/cms@1.1.5
purl pkg:composer/genix/cms@1.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-115p-cvgk-1fcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/genix/cms@1.1.5
aliases CVE-2017-14765
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y3ud-dqh6-m3dm
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/genix/cms@1.1.5