Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.myfaces.core/myfaces-core-module@1.2.0
Typemaven
Namespaceorg.apache.myfaces.core
Namemyfaces-core-module
Version1.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.25
Latest_non_vulnerable_version2.3.8
Affected_by_vulnerabilities
0
url VCID-y94t-fwsg-sfey
vulnerability_id VCID-y94t-fwsg-sfey
summary 
Apache MyFaces Cross-site Scripting vulnerability
Apache MyFaces 1.1.7 and 1.2.8 (All previous versions are likely vulnerable), as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2086.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2086.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-2086
reference_id
reference_type
scores
0
value 0.02948
scoring_system epss
scoring_elements 0.86498
published_at 2026-04-29T12:55:00Z
1
value 0.02948
scoring_system epss
scoring_elements 0.86458
published_at 2026-04-13T12:55:00Z
2
value 0.02948
scoring_system epss
scoring_elements 0.86473
published_at 2026-04-16T12:55:00Z
3
value 0.02948
scoring_system epss
scoring_elements 0.86478
published_at 2026-04-18T12:55:00Z
4
value 0.02948
scoring_system epss
scoring_elements 0.86471
published_at 2026-04-21T12:55:00Z
5
value 0.02948
scoring_system epss
scoring_elements 0.8649
published_at 2026-04-24T12:55:00Z
6
value 0.02948
scoring_system epss
scoring_elements 0.865
published_at 2026-04-26T12:55:00Z
7
value 0.02948
scoring_system epss
scoring_elements 0.86392
published_at 2026-04-01T12:55:00Z
8
value 0.02948
scoring_system epss
scoring_elements 0.86403
published_at 2026-04-02T12:55:00Z
9
value 0.02948
scoring_system epss
scoring_elements 0.86421
published_at 2026-04-04T12:55:00Z
10
value 0.02948
scoring_system epss
scoring_elements 0.86422
published_at 2026-04-07T12:55:00Z
11
value 0.02948
scoring_system epss
scoring_elements 0.8644
published_at 2026-04-08T12:55:00Z
12
value 0.02948
scoring_system epss
scoring_elements 0.8645
published_at 2026-04-09T12:55:00Z
13
value 0.02948
scoring_system epss
scoring_elements 0.86465
published_at 2026-04-11T12:55:00Z
14
value 0.02948
scoring_system epss
scoring_elements 0.86464
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-2086
2
reference_url https://github.com/apache/myfaces
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/myfaces
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-2086
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-2086
4
reference_url https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt
5
reference_url http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=598164
reference_id 598164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=598164
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.1.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:myfaces:1.1.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.1.7:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.2.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:myfaces:1.2.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.2.8:*:*:*:*:*:*:*
9
reference_url https://github.com/advisories/GHSA-92cv-wv2c-8899
reference_id GHSA-92cv-wv2c-8899
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92cv-wv2c-8899
fixed_packages
aliases CVE-2010-2086, GHSA-92cv-wv2c-8899
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y94t-fwsg-sfey
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.myfaces.core/myfaces-core-module@1.2.0