Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/62296?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62296?format=api", "purl": "pkg:composer/modx/revolution@2.5.7", "type": "composer", "namespace": "modx", "name": "revolution", "version": "2.5.7", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.7.0", "latest_non_vulnerable_version": "2.8.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16558?format=api", "vulnerability_id": "VCID-1jqs-phm6-53f4", "summary": "MODX Revolution XSS via HTTP Host header\nIn MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53688", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9071" }, { "reference_url": "https://citadelo.com/en/2017/04/modx-revolution-cms", "reference_id": "", "reference_type": "", "scores": [], "url": "https://citadelo.com/en/2017/04/modx-revolution-cms" }, { "reference_url": "https://github.com/modxcms/revolution", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/modxcms/revolution" }, { "reference_url": "https://github.com/modxcms/revolution/pull/13426", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/modxcms/revolution/pull/13426" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9071", "reference_id": "CVE-2017-9071", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9071" }, { "reference_url": "https://github.com/advisories/GHSA-p2j4-vrgx-96qg", "reference_id": "GHSA-p2j4-vrgx-96qg", 
"reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p2j4-vrgx-96qg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62296?format=api", "purl": "pkg:composer/modx/revolution@2.5.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/modx/revolution@2.5.7" } ], "aliases": [ "CVE-2017-9071", "GHSA-p2j4-vrgx-96qg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jqs-phm6-53f4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16586?format=api", "vulnerability_id": "VCID-snwa-dg1m-83ae", "summary": "MODX Revolution Reflected XSS\nIn MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47421", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9068" }, { "reference_url": "https://citadelo.com/en/2017/04/modx-revolution-cms", "reference_id": "", "reference_type": "", "scores": [], "url": "https://citadelo.com/en/2017/04/modx-revolution-cms" }, { "reference_url": "https://github.com/modxcms/revolution", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/modxcms/revolution" }, { "reference_url": "https://github.com/modxcms/revolution/pull/13424", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/modxcms/revolution/pull/13424" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9068", "reference_id": "CVE-2017-9068", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-9068" }, { "reference_url": "https://github.com/advisories/GHSA-vrw6-7vgj-vj7x", "reference_id": "GHSA-vrw6-7vgj-vj7x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vrw6-7vgj-vj7x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62296?format=api", "purl": "pkg:composer/modx/revolution@2.5.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/modx/revolution@2.5.7" } ], "aliases": [ "CVE-2017-9068", "GHSA-vrw6-7vgj-vj7x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-snwa-dg1m-83ae" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/modx/revolution@2.5.7" }