Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/56414?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/56414?format=api", "purl": "pkg:composer/ec-cube/ec-cube@2.12.0", "type": "composer", "namespace": "ec-cube", "name": "ec-cube", "version": "2.12.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.17", "latest_non_vulnerable_version": "4.2.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40219?format=api", "vulnerability_id": "VCID-5eu9-23qz-4uab", "summary": "Cross-site Scripting\nA Cross-site scripting vulnerability in EC-CUBE Payment Module allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0657", "reference_id": "CVE-2018-0657", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0657" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56415?format=api", "purl": "pkg:composer/ec-cube/ec-cube@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-c6vr-e9zn-cbaz" }, { "vulnerability": "VCID-fuus-wqhf-s3be" }, { "vulnerability": "VCID-he32-4cf1-akf5" }, { "vulnerability": "VCID-mr5c-68tz-nfbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0" } ], "aliases": [ "CVE-2018-0657" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5eu9-23qz-4uab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45873?format=api", "vulnerability_id": "VCID-9xhp-yr36-4qak", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nEC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in \"mail/template\" and \"products/product\" of Management page.\r\nIf this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product.", "references": [ { "reference_url": "https://jvn.jp/en/jp/JVN46993816/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jvn.jp/en/jp/JVN46993816/" }, { "reference_url": "https://www.ec-cube.net/info/weakness/20230727/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.ec-cube.net/info/weakness/20230727/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40281", "reference_id": "CVE-2023-40281", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40281" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64223?format=api", "purl": "pkg:composer/ec-cube/ec-cube@2.13.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-he32-4cf1-akf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.13.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/64225?format=api", "purl": "pkg:composer/ec-cube/ec-cube@2.17.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-he32-4cf1-akf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.17.2" } ], "aliases": [ "CVE-2023-40281" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9xhp-yr36-4qak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44608?format=api", "vulnerability_id": "VCID-he32-4cf1-akf5", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.", "references": [ { "reference_url": "https://jvn.jp/en/jp/JVN04785663/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jvn.jp/en/jp/JVN04785663/" }, { "reference_url": "https://www.ec-cube.net/info/weakness/20230214/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.ec-cube.net/info/weakness/20230214/" }, { "reference_url": "https://www.ec-cube.net/info/weakness/20230214/index_2.php", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.ec-cube.net/info/weakness/20230214/index_2.php" }, { "reference_url": "https://www.ec-cube.net/info/weakness/20230214/index_3.php", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.ec-cube.net/info/weakness/20230214/index_3.php" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22438", "reference_id": "CVE-2023-22438", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22438" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64200?format=api", "purl": "pkg:composer/ec-cube/ec-cube@4.0.6-p1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/64201?format=api", "purl": "pkg:composer/ec-cube/ec-cube@4.1.2-p1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/64202?format=api", "purl": "pkg:composer/ec-cube/ec-cube@4.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.1" } ], "aliases": [ "CVE-2023-22438" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-he32-4cf1-akf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40220?format=api", "vulnerability_id": "VCID-mmfy-uhca-ukeq", "summary": "Improper Input Validation\nAn Input validation issue in EC-CUBE Payment Module allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0658", "reference_id": "CVE-2018-0658", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0658" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56415?format=api", "purl": "pkg:composer/ec-cube/ec-cube@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-c6vr-e9zn-cbaz" }, { "vulnerability": "VCID-fuus-wqhf-s3be" }, { "vulnerability": "VCID-he32-4cf1-akf5" }, { "vulnerability": "VCID-mr5c-68tz-nfbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0" } ], "aliases": [ "CVE-2018-0658" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mmfy-uhca-ukeq" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.12.0" }