Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/craftcms/cms@4.4.7

Type composer

Namespace craftcms

Name cms

Version 4.4.7

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.4.10

Latest_non_vulnerable_version 5.9.18

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2vn9-2cs3-vbg3

vulnerability_id VCID-2vn9-2cs3-vbg3

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.

references

reference_url

https://github.com/craftcms/cms

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/craftcms/cms

reference_url

https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7

reference_url

https://github.com/craftcms/cms/releases/tag/4.4.7

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/craftcms/cms/releases/tag/4.4.7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-33196

reference_id

CVE-2023-33196

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-33196

reference_url	https://github.com/advisories/GHSA-cjmm-x9x9-m2w5
reference_id	GHSA-cjmm-x9x9-m2w5
reference_type
scores
url	https://github.com/advisories/GHSA-cjmm-x9x9-m2w5

reference_url

https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5

reference_id

GHSA-cjmm-x9x9-m2w5

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5

fixed_packages

url	pkg:composer/craftcms/cms@4.4.7
purl	pkg:composer/craftcms/cms@4.4.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.7

aliases CVE-2023-33196, GHSA-cjmm-x9x9-m2w5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2vn9-2cs3-vbg3

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.7

Package Instance