Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-kyvw-d4e8-1fd4
Summary
Magento XML Injection vulnerability in the Widgets Module
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue does not require user interaction.
Aliases
0
alias CVE-2022-34253
1
alias GHSA-cj7w-pm77-hvg6
Fixed_packages
0
url pkg:composer/magento/community-edition@2.3.7-p4
purl pkg:composer/magento/community-edition@2.3.7-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p4
1
url pkg:composer/magento/community-edition@2.4.3-p3
purl pkg:composer/magento/community-edition@2.4.3-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p3
2
url pkg:composer/magento/community-edition@2.4.5
purl pkg:composer/magento/community-edition@2.4.5
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34253
reference_id
reference_type
scores
0
value 0.37194
scoring_system epss
scoring_elements 0.97252
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34253
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523
3
reference_url https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa
4
reference_url https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594
5
reference_url https://helpx.adobe.com/security/products/magento/apsb22-38.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://helpx.adobe.com/security/products/magento/apsb22-38.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34253
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34253
Weaknesses
0
cwe_id 91
name XML Injection (aka Blind XPath Injection)
description The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
Exploits
Severity_range_score 9.0 - 10.0
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kyvw-d4e8-1fd4