Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/shopxo/shopxo@2.2.1

Type composer

Namespace shopxo

Name shopxo

Version 2.2.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.5.0

Latest_non_vulnerable_version 6.5.0

Affected_by_vulnerabilities

url

VCID-11mx-hb3k-a7cx

vulnerability_id

VCID-11mx-hb3k-a7cx

summary

A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270367. NOTE: The original disclosure confuses CSRF with SSRF.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-6524

reference_id

reference_type

scores

value	0.0011
scoring_system	epss
scoring_elements	0.28962
published_at	2026-06-11T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29172
published_at	2026-06-14T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29183
published_at	2026-06-13T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29165
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-6524

reference_url

https://github.com/gongfuxiang/shopxo

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/gongfuxiang/shopxo

reference_url

https://vuldb.com/?ctiid.270367

reference_id

?ctiid.270367

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T15:52:29Z/

url

https://vuldb.com/?ctiid.270367

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-6524

reference_id

CVE-2024-6524

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-6524

reference_url

https://github.com/advisories/GHSA-c96r-38gv-grp4

reference_id

GHSA-c96r-38gv-grp4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c96r-38gv-grp4

reference_url

https://vuldb.com/?id.270367

reference_id

?id.270367

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T15:52:29Z/

url

https://vuldb.com/?id.270367

reference_url

https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md

reference_id

shopxo_ssrf.md

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T15:52:29Z/

url

https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md

reference_url

https://vuldb.com/?submit.365173

reference_id

?submit.365173

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T15:52:29Z/

url

https://vuldb.com/?submit.365173

fixed_packages

aliases

CVE-2024-6524, GHSA-c96r-38gv-grp4

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-11mx-hb3k-a7cx

url VCID-3e2s-k7zv-qfep

vulnerability_id VCID-3e2s-k7zv-qfep

summary shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-28094

reference_id

reference_type

scores

value	0.00142
scoring_system	epss
scoring_elements	0.34395
published_at	2026-06-12T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.344
published_at	2026-06-14T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34217
published_at	2026-06-11T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.3442
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-28094

reference_url

https://github.com/gongfuxiang/shopxo

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/gongfuxiang/shopxo

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-28094

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-28094

reference_url

https://www.yuque.com/morysummer/vx41bz/echzollcdlmllgqo

reference_id

echzollcdlmllgqo

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T17:09:50Z/

url

https://www.yuque.com/morysummer/vx41bz/echzollcdlmllgqo

reference_url

https://github.com/advisories/GHSA-24cf-848g-762c

reference_id

GHSA-24cf-848g-762c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-24cf-848g-762c

fixed_packages

url	pkg:composer/shopxo/shopxo@6.5.0
purl	pkg:composer/shopxo/shopxo@6.5.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/shopxo/shopxo@6.5.0

aliases CVE-2025-28094, GHSA-24cf-848g-762c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3e2s-k7zv-qfep

url VCID-54rw-quet-63hb

vulnerability_id VCID-54rw-quet-63hb

summary Incorrect Permission Assignment for Critical Resource in ShopXO

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28056

reference_id

reference_type

scores

value	0.00433
scoring_system	epss
scoring_elements	0.63351
published_at	2026-06-12T12:55:00Z

value	0.00433
scoring_system	epss
scoring_elements	0.6325
published_at	2026-06-11T12:55:00Z

value	0.00433
scoring_system	epss
scoring_elements	0.6336
published_at	2026-06-14T12:55:00Z

value	0.00433
scoring_system	epss
scoring_elements	0.63363
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28056

reference_url

https://github.com/gongfuxiang/shopxo

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/gongfuxiang/shopxo

reference_url

https://github.com/gongfuxiang/shopxo/issues/66

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/gongfuxiang/shopxo/issues/66

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-28056

reference_id

CVE-2022-28056

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-28056

reference_url

https://github.com/advisories/GHSA-jfph-3hpg-2f65

reference_id

GHSA-jfph-3hpg-2f65

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jfph-3hpg-2f65

fixed_packages

url pkg:composer/shopxo/shopxo@2.2.6

purl pkg:composer/shopxo/shopxo@2.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11mx-hb3k-a7cx

vulnerability	VCID-3e2s-k7zv-qfep

vulnerability	VCID-pxnh-edwg-x3ad

vulnerability	VCID-uzna-87y4-fygz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopxo/shopxo@2.2.6

aliases CVE-2022-28056, GHSA-jfph-3hpg-2f65

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54rw-quet-63hb

url VCID-pxnh-edwg-x3ad

vulnerability_id VCID-pxnh-edwg-x3ad

summary ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-28093

reference_id

reference_type

scores

value	0.00105
scoring_system	epss
scoring_elements	0.28303
published_at	2026-06-12T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.2832
published_at	2026-06-14T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28107
published_at	2026-06-11T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28328
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-28093

reference_url

https://github.com/gongfuxiang/shopxo

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/gongfuxiang/shopxo

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-28093

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-28093

reference_url

https://github.com/advisories/GHSA-gfhv-5rqh-7qx3

reference_id

GHSA-gfhv-5rqh-7qx3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gfhv-5rqh-7qx3

reference_url

https://www.yuque.com/morysummer/vx41bz/he2hb8ic8an8h07f

reference_id

he2hb8ic8an8h07f

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T19:13:03Z/

url

https://www.yuque.com/morysummer/vx41bz/he2hb8ic8an8h07f

fixed_packages

url	pkg:composer/shopxo/shopxo@6.5.0
purl	pkg:composer/shopxo/shopxo@6.5.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/shopxo/shopxo@6.5.0

aliases CVE-2025-28093, GHSA-gfhv-5rqh-7qx3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pxnh-edwg-x3ad

url VCID-uzna-87y4-fygz

vulnerability_id VCID-uzna-87y4-fygz

summary ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-28092

reference_id

reference_type

scores

value	0.00105
scoring_system	epss
scoring_elements	0.28303
published_at	2026-06-12T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.2832
published_at	2026-06-14T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28107
published_at	2026-06-11T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28328
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-28092

reference_url

https://github.com/gongfuxiang/shopxo

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/gongfuxiang/shopxo

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-28092

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-28092

reference_url

https://github.com/advisories/GHSA-p736-g6pg-hjhw

reference_id

GHSA-p736-g6pg-hjhw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p736-g6pg-hjhw

reference_url

https://www.yuque.com/morysummer/vx41bz/stggvmlxs9ewqlvu

reference_id

stggvmlxs9ewqlvu

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T19:15:18Z/

url

https://www.yuque.com/morysummer/vx41bz/stggvmlxs9ewqlvu

fixed_packages

url	pkg:composer/shopxo/shopxo@6.5.0
purl	pkg:composer/shopxo/shopxo@6.5.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/shopxo/shopxo@6.5.0

aliases CVE-2025-28092, GHSA-p736-g6pg-hjhw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uzna-87y4-fygz

Fixing_vulnerabilities

url VCID-ggdd-y7x6-3qf4

vulnerability_id VCID-ggdd-y7x6-3qf4

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41938

reference_id

reference_type

scores

value	0.00378
scoring_system	epss
scoring_elements	0.59729
published_at	2026-06-11T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59837
published_at	2026-06-12T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59849
published_at	2026-06-13T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.5984
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41938

reference_url

https://github.com/gongfuxiang/shopxo

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/gongfuxiang/shopxo

reference_url

https://github.com/gongfuxiang/shopxo/issues/64

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/gongfuxiang/shopxo/issues/64

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41938

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41938

reference_url

https://github.com/advisories/GHSA-86p5-97jr-r598

reference_id

GHSA-86p5-97jr-r598

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-86p5-97jr-r598

fixed_packages

url pkg:composer/shopxo/shopxo@2.2.1

purl pkg:composer/shopxo/shopxo@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11mx-hb3k-a7cx

vulnerability	VCID-3e2s-k7zv-qfep

vulnerability	VCID-54rw-quet-63hb

vulnerability	VCID-pxnh-edwg-x3ad

vulnerability	VCID-uzna-87y4-fygz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopxo/shopxo@2.2.1

aliases CVE-2021-41938, GHSA-86p5-97jr-r598

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggdd-y7x6-3qf4

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopxo/shopxo@2.2.1

Package Instance