Lookup for vulnerable packages by Package URL.

Purl pkg:composer/concrete5/concrete5@8.5.16
Type composer
Namespace concrete5
Name concrete5
Version 8.5.16
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 9.1.0
Latest_non_vulnerable_version 9.4.8
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1ptm-ydqz-gybk
vulnerability_id VCID-1ptm-ydqz-gybk
summary
Concrete CMS Stored XSS in the Search Field
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
1
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
2
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms
3
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
4
reference_url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3181
reference_id CVE-2024-3181
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-3181
6
reference_url https://github.com/advisories/GHSA-qgm9-rxmq-jxmq
reference_id GHSA-qgm9-rxmq-jxmq
reference_type
scores
url https://github.com/advisories/GHSA-qgm9-rxmq-jxmq
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.16
purl pkg:composer/concrete5/concrete5@8.5.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16
1
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-3181, GHSA-qgm9-rxmq-jxmq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ptm-ydqz-gybk
1
url VCID-3z92-cd94-cfdt
vulnerability_id VCID-3z92-cd94-cfdt
summary
Concrete CMS Stored XSS in the Custom Class page editing
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator-provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
1
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
2
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms
3
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
4
reference_url https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
5
reference_url https://github.com/concretecms/concretecms/pull/11988
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/pull/11988
6
reference_url https://github.com/concretecms/concretecms/pull/11989
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/pull/11989
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3179
reference_id CVE-2024-3179
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-3179
8
reference_url https://github.com/advisories/GHSA-r7q4-cw9r-vhp4
reference_id GHSA-r7q4-cw9r-vhp4
reference_type
scores
url https://github.com/advisories/GHSA-r7q4-cw9r-vhp4
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.16
purl pkg:composer/concrete5/concrete5@8.5.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16
1
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-3179, GHSA-r7q4-cw9r-vhp4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3z92-cd94-cfdt
2
url VCID-4e63-f1w1-rudp
vulnerability_id VCID-4e63-f1w1-rudp
summary
Concrete CMS Stored XSS in blocks of type file
Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 are vulnerable to Stored XSS in blocks of type file. Prior to the fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
1
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
2
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms
3
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
4
reference_url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3180
reference_id CVE-2024-3180
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-3180
6
reference_url https://github.com/advisories/GHSA-9qhc-pg6j-wf23
reference_id GHSA-9qhc-pg6j-wf23
reference_type
scores
url https://github.com/advisories/GHSA-9qhc-pg6j-wf23
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.16
purl pkg:composer/concrete5/concrete5@8.5.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16
1
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-3180, GHSA-9qhc-pg6j-wf23
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4e63-f1w1-rudp
3
url VCID-av2c-h349-tkae
vulnerability_id VCID-av2c-h349-tkae
summary
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator-provided data. All administrators have access to the File Manager and hence could create a search filter with the malicious code attached. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
1
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
2
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms
3
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
4
reference_url https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
5
reference_url https://github.com/concretecms/concretecms/pull/11988
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/pull/11988
6
reference_url https://github.com/concretecms/concretecms/pull/11989
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/pull/11989
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3178
reference_id CVE-2024-3178
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-3178
8
reference_url https://github.com/advisories/GHSA-xwrh-qxmc-x8c8
reference_id GHSA-xwrh-qxmc-x8c8
reference_type
scores
url https://github.com/advisories/GHSA-xwrh-qxmc-x8c8
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.16
purl pkg:composer/concrete5/concrete5@8.5.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16
1
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-3178, GHSA-xwrh-qxmc-x8c8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-av2c-h349-tkae
4
url VCID-x7qc-tw7s-tugy
vulnerability_id VCID-x7qc-tw7s-tugy
summary
Concrete CMS Stored XSS on the calendar color settings screen
Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS on the calendar color settings screen, since information input by the user is output without escaping. A rogue administrator could inject malicious JavaScript into the Calendar Color Settings screen, which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.0 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

Thank you Rikuto Tauchi for reporting
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
1
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
2
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms
3
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
4
reference_url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-2753
reference_id CVE-2024-2753
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-2753
6
reference_url https://github.com/advisories/GHSA-pj42-r64f-4xfq
reference_id GHSA-pj42-r64f-4xfq
reference_type
scores
url https://github.com/advisories/GHSA-pj42-r64f-4xfq
fixed_packages
0
url pkg:composer/concrete5/concrete5@8.5.16
purl pkg:composer/concrete5/concrete5@8.5.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16
1
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-2753, GHSA-pj42-r64f-4xfq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7qc-tw7s-tugy
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@8.5.16