Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/555167?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/555167?format=api", "purl": "pkg:composer/shopxo/shopxo@2.2.1", "type": "composer", "namespace": "shopxo", "name": "shopxo", "version": "2.2.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.5.0", "latest_non_vulnerable_version": "6.5.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50347?format=api", "vulnerability_id": "VCID-11mx-hb3k-a7cx", "summary": "A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270367. NOTE: The original disclosure confuses CSRF with SSRF.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28962", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29183", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29165", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6524" }, { "reference_url": "https://github.com/gongfuxiang/shopxo", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gongfuxiang/shopxo" }, { "reference_url": "https://vuldb.com/?ctiid.270367", "reference_id": "?ctiid.270367", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T15:52:29Z/" } ], "url": "https://vuldb.com/?ctiid.270367" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6524", "reference_id": "CVE-2024-6524", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6524" }, { "reference_url": "https://github.com/advisories/GHSA-c96r-38gv-grp4", "reference_id": "GHSA-c96r-38gv-grp4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c96r-38gv-grp4" }, { "reference_url": "https://vuldb.com/?id.270367", "reference_id": "?id.270367", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T15:52:29Z/" } ], "url": "https://vuldb.com/?id.270367" }, { "reference_url": "https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md", "reference_id": "shopxo_ssrf.md", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T15:52:29Z/" } ], "url": "https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md" }, { "reference_url": "https://vuldb.com/?submit.365173", "reference_id": "?submit.365173", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T15:52:29Z/" } ], "url": "https://vuldb.com/?submit.365173" } ], "fixed_packages": [], "aliases": [ "CVE-2024-6524", "GHSA-c96r-38gv-grp4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11mx-hb3k-a7cx" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/100268?format=api", "vulnerability_id": "VCID-3e2s-k7zv-qfep", "summary": "shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-28094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.3442", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34217", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34395", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-28094" }, { "reference_url": "https://github.com/gongfuxiang/shopxo", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gongfuxiang/shopxo" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28094", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28094" }, { "reference_url": "https://www.yuque.com/morysummer/vx41bz/echzollcdlmllgqo", "reference_id": "echzollcdlmllgqo", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T17:09:50Z/" } ], "url": "https://www.yuque.com/morysummer/vx41bz/echzollcdlmllgqo" }, { "reference_url": "https://github.com/advisories/GHSA-24cf-848g-762c", "reference_id": "GHSA-24cf-848g-762c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-24cf-848g-762c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/791212?format=api", "purl": "pkg:composer/shopxo/shopxo@6.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopxo/shopxo@6.5.0" } ], "aliases": [ "CVE-2025-28094", "GHSA-24cf-848g-762c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3e2s-k7zv-qfep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209222?format=api", "vulnerability_id": "VCID-54rw-quet-63hb", "summary": "Incorrect Permission Assignment for Critical Resource in ShopXO", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63351", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.6325", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63363", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28056" }, { "reference_url": "https://github.com/gongfuxiang/shopxo", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/gongfuxiang/shopxo" }, { "reference_url": "https://github.com/gongfuxiang/shopxo/issues/66", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gongfuxiang/shopxo/issues/66" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28056", "reference_id": "CVE-2022-28056", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28056" }, { "reference_url": "https://github.com/advisories/GHSA-jfph-3hpg-2f65", "reference_id": "GHSA-jfph-3hpg-2f65", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jfph-3hpg-2f65" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20705?format=api", "purl": "pkg:composer/shopxo/shopxo@2.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11mx-hb3k-a7cx" }, { "vulnerability": "VCID-3e2s-k7zv-qfep" }, { "vulnerability": "VCID-pxnh-edwg-x3ad" }, { "vulnerability": "VCID-uzna-87y4-fygz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopxo/shopxo@2.2.6" } ], "aliases": [ "CVE-2022-28056", "GHSA-jfph-3hpg-2f65" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-54rw-quet-63hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100233?format=api", "vulnerability_id": "VCID-pxnh-edwg-x3ad", "summary": "ShopXO v6.4.0 is vulnerable to Server-Side 
Request Forgery (SSRF) in Email Settings.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-28093", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28303", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28328", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28107", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-28093" }, { "reference_url": "https://github.com/gongfuxiang/shopxo", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gongfuxiang/shopxo" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28093", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28093" }, { "reference_url": "https://github.com/advisories/GHSA-gfhv-5rqh-7qx3", "reference_id": "GHSA-gfhv-5rqh-7qx3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gfhv-5rqh-7qx3" }, { "reference_url": "https://www.yuque.com/morysummer/vx41bz/he2hb8ic8an8h07f", "reference_id": "he2hb8ic8an8h07f", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T19:13:03Z/" } ], "url": "https://www.yuque.com/morysummer/vx41bz/he2hb8ic8an8h07f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/791212?format=api", "purl": "pkg:composer/shopxo/shopxo@6.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopxo/shopxo@6.5.0" } ], "aliases": [ "CVE-2025-28093", "GHSA-gfhv-5rqh-7qx3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pxnh-edwg-x3ad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100367?format=api", "vulnerability_id": "VCID-uzna-87y4-fygz", "summary": "ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-28092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28328", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28107", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28303", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-28092" }, { "reference_url": "https://github.com/gongfuxiang/shopxo", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gongfuxiang/shopxo" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28092", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28092" }, { "reference_url": "https://github.com/advisories/GHSA-p736-g6pg-hjhw", "reference_id": "GHSA-p736-g6pg-hjhw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p736-g6pg-hjhw" }, { "reference_url": "https://www.yuque.com/morysummer/vx41bz/stggvmlxs9ewqlvu", "reference_id": "stggvmlxs9ewqlvu", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T19:15:18Z/" } ], "url": "https://www.yuque.com/morysummer/vx41bz/stggvmlxs9ewqlvu" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/791212?format=api", "purl": "pkg:composer/shopxo/shopxo@6.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopxo/shopxo@6.5.0" } ], "aliases": [ "CVE-2025-28092", "GHSA-p736-g6pg-hjhw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uzna-87y4-fygz" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/344135?format=api", "vulnerability_id": "VCID-ggdd-y7x6-3qf4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59729", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00378", 
"scoring_system": "epss", "scoring_elements": "0.59837", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59849", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41938" }, { "reference_url": "https://github.com/gongfuxiang/shopxo", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gongfuxiang/shopxo" }, { "reference_url": "https://github.com/gongfuxiang/shopxo/issues/64", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gongfuxiang/shopxo/issues/64" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41938", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41938" }, { "reference_url": "https://github.com/advisories/GHSA-86p5-97jr-r598", "reference_id": "GHSA-86p5-97jr-r598", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-86p5-97jr-r598" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/555167?format=api", "purl": "pkg:composer/shopxo/shopxo@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11mx-hb3k-a7cx" }, { "vulnerability": "VCID-3e2s-k7zv-qfep" }, 
{ "vulnerability": "VCID-54rw-quet-63hb" }, { "vulnerability": "VCID-pxnh-edwg-x3ad" }, { "vulnerability": "VCID-uzna-87y4-fygz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopxo/shopxo@2.2.1" } ], "aliases": [ "CVE-2021-41938", "GHSA-86p5-97jr-r598" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggdd-y7x6-3qf4" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopxo/shopxo@2.2.1" }