Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.sonymobile.jenkins.plugins.teamviews/team-views@0.9.0
Typemaven
Namespacecom.sonymobile.jenkins.plugins.teamviews
Nameteam-views
Version0.9.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-y9sx-rr35-gqcu
vulnerability_id VCID-y9sx-rr35-gqcu
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission.
references
0
reference_url https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2324
reference_id
reference_type
scores
url https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2324
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25203
reference_id CVE-2022-25203
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25203
2
reference_url https://github.com/advisories/GHSA-mv5c-724f-3fq7
reference_id GHSA-mv5c-724f-3fq7
reference_type
scores
url https://github.com/advisories/GHSA-mv5c-724f-3fq7
fixed_packages
aliases CVE-2022-25203, GHSA-mv5c-724f-3fq7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9sx-rr35-gqcu
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.sonymobile.jenkins.plugins.teamviews/team-views@0.9.0