Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/UmbracoCms@9.0.0
Typenuget
Namespace
NameUmbracoCms
Version9.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.7.2
Latest_non_vulnerable_version12.3.4
Affected_by_vulnerabilities
0
url VCID-s3pr-pezb-4qf4
vulnerability_id VCID-s3pr-pezb-4qf4
summary 
Incorrect Authorization
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a patch for this issue. No known workarounds are available.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48227
reference_id CVE-2023-48227
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-48227
1
reference_url https://github.com/advisories/GHSA-335x-5wcm-8jv2
reference_id GHSA-335x-5wcm-8jv2
reference_type
scores
url https://github.com/advisories/GHSA-335x-5wcm-8jv2
2
reference_url https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-335x-5wcm-8jv2
reference_id GHSA-335x-5wcm-8jv2
reference_type
scores
url https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-335x-5wcm-8jv2
fixed_packages
0
url pkg:nuget/UmbracoCms@10.7.0
purl pkg:nuget/UmbracoCms@10.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@10.7.0
1
url pkg:nuget/UmbracoCms@12.3.0
purl pkg:nuget/UmbracoCms@12.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.3.0
aliases CVE-2023-48227, GHSA-335x-5wcm-8jv2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3pr-pezb-4qf4
1
url VCID-wtw6-zcw6-2yd2
vulnerability_id VCID-wtw6-zcw6-2yd2
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38694
reference_id CVE-2023-38694
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38694
1
reference_url https://github.com/advisories/GHSA-xxc6-35r7-796w
reference_id GHSA-xxc6-35r7-796w
reference_type
scores
url https://github.com/advisories/GHSA-xxc6-35r7-796w
2
reference_url https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-xxc6-35r7-796w
reference_id GHSA-xxc6-35r7-796w
reference_type
scores
url https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-xxc6-35r7-796w
fixed_packages
0
url pkg:nuget/UmbracoCms@10.7.0
purl pkg:nuget/UmbracoCms@10.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@10.7.0
1
url pkg:nuget/UmbracoCms@12.1.0
purl pkg:nuget/UmbracoCms@12.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.1.0
aliases CVE-2023-38694, GHSA-xxc6-35r7-796w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wtw6-zcw6-2yd2
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@9.0.0