Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/gleez/cms@1.2.0
Typecomposer
Namespacegleez
Namecms
Version1.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-1r5f-9hjz-t7hf
vulnerability_id VCID-1r5f-9hjz-t7hf
summary 
Cross-Site Request Forgery (CSRF)
There is a CSRF vulnerability that can add an administrator account in Gleez CMS via `admin/users/add.`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-15845
reference_id
reference_type
scores
0
value 0.00621
scoring_system epss
scoring_elements 0.70404
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-15845
1
reference_url https://github.com/gleez/cms
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gleez/cms
2
reference_url https://github.com/gleez/cms/issues/800
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gleez/cms/issues/800
3
reference_url https://www.exploit-db.com/exploits/45258
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/45258
4
reference_url https://www.exploit-db.com/exploits/45258/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/45258/
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/45258.txt
reference_id CVE-2018-15845
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/45258.txt
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-15845
reference_id CVE-2018-15845
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-15845
fixed_packages
aliases CVE-2018-15845, GHSA-g644-x4hj-cmhq
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1r5f-9hjz-t7hf
1
url VCID-ad39-9v2a-dyhv
vulnerability_id VCID-ad39-9v2a-dyhv
summary 
Information Exposure
An issue was discovered in Gleez CMS. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged-in users) to view profile page of other users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16704
reference_id
reference_type
scores
0
value 0.00153
scoring_system epss
scoring_elements 0.35752
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16704
1
reference_url https://github.com/gleez/cms
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/gleez/cms
2
reference_url https://github.com/gleez/cms/issues/801
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/gleez/cms/issues/801
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16704
reference_id CVE-2018-16704
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16704
4
reference_url https://github.com/advisories/GHSA-hh92-wg7v-8vfr
reference_id GHSA-hh92-wg7v-8vfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hh92-wg7v-8vfr
fixed_packages
aliases CVE-2018-16704, GHSA-hh92-wg7v-8vfr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ad39-9v2a-dyhv
2
url VCID-j9md-p76h-23ar
vulnerability_id VCID-j9md-p76h-23ar
summary 
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in Gleez CMS might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7035
reference_id
reference_type
scores
0
value 0.00229
scoring_system epss
scoring_elements 0.45665
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7035
1
reference_url https://github.com/gleez/cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/gleez/cms
2
reference_url https://github.com/gleez/cms/commit/d4ad1844e9fe6e2b9b92dfb351fb7e01047f9565
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/gleez/cms/commit/d4ad1844e9fe6e2b9b92dfb351fb7e01047f9565
3
reference_url https://github.com/gleez/cms/issues/794
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/gleez/cms/issues/794
4
reference_url https://github.com/gleez/cms/issues/796
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/gleez/cms/issues/796
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7035
reference_id CVE-2018-7035
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7035
fixed_packages
aliases CVE-2018-7035, GHSA-m2r2-qc49-gqw4
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j9md-p76h-23ar
3
url VCID-nngw-fcvy-uuh6
vulnerability_id VCID-nngw-fcvy-uuh6
summary 
Cross-site Scripting
An issue was discovered in Gleez CMS. There is XSS via `media/imagecache/resize.`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16347
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.45035
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16347
1
reference_url https://github.com/gleez/cms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/gleez/cms
2
reference_url https://github.com/gleez/cms/issues/798
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/gleez/cms/issues/798
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16347
reference_id CVE-2018-16347
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16347
fixed_packages
aliases CVE-2018-16347, GHSA-5qqx-32hw-5vx4
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nngw-fcvy-uuh6
4
url VCID-sxth-62m3-s7c5
vulnerability_id VCID-sxth-62m3-s7c5
summary 
Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27312
reference_id
reference_type
scores
0
value 0.02514
scoring_system epss
scoring_elements 0.85651
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27312
1
reference_url https://gist.github.com/LioTree/8d10d123d31f50db05a25586e62a87ba
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-03T17:15:13Z/
url https://gist.github.com/LioTree/8d10d123d31f50db05a25586e62a87ba
2
reference_url https://github.com/gleez/cms
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/gleez/cms
3
reference_url https://github.com/gleez/cms/issues/805
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-03T17:15:13Z/
url https://github.com/gleez/cms/issues/805
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27312
reference_id CVE-2021-27312
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27312
5
reference_url https://github.com/advisories/GHSA-7mxg-r76p-363g
reference_id GHSA-7mxg-r76p-363g
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mxg-r76p-363g
fixed_packages
aliases CVE-2021-27312, GHSA-7mxg-r76p-363g
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sxth-62m3-s7c5
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/gleez/cms@1.2.0