Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/redmine@6.0.4%2Bds-1?distro=trixie

Type deb

Namespace debian

Name redmine

Version 6.0.4+ds-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 6.0.5+ds-1

Latest_non_vulnerable_version 6.0.6+ds-6

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-3xup-fkaz-e7hu

vulnerability_id VCID-3xup-fkaz-e7hu

summary A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.0.4 is able to address this issue. It is recommended to upgrade the affected component.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4011

reference_id

reference_type

scores

value	0.00185
scoring_system	epss
scoring_elements	0.40361
published_at	2026-04-04T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40242
published_at	2026-04-21T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40318
published_at	2026-04-18T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.4035
published_at	2026-04-16T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40303
published_at	2026-04-13T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40323
published_at	2026-04-12T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.4036
published_at	2026-04-11T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40349
published_at	2026-04-09T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40337
published_at	2026-04-08T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40286
published_at	2026-04-07T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40336
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4011

reference_url

https://www.redmine.org/versions/206

reference_id

206

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/

url

https://www.redmine.org/versions/206

reference_url

https://www.redmine.org/issues/42238

reference_id

42238

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/

url

https://www.redmine.org/issues/42238

reference_url

https://vuldb.com/?ctiid.306364

reference_id

?ctiid.306364

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/

url

https://vuldb.com/?ctiid.306364

reference_url

https://vuldb.com/?id.306364

reference_id

?id.306364

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/

url

https://vuldb.com/?id.306364

reference_url

https://vuldb.com/?submit.558240

reference_id

?submit.558240

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/

url

https://vuldb.com/?submit.558240

fixed_packages

url	pkg:deb/debian/redmine@0?distro=trixie
purl	pkg:deb/debian/redmine@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.4%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.4%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.4%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2025-4011

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xup-fkaz-e7hu

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.4%252Bds-1%3Fdistro=trixie

Package Instance