Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-cjhs-mtaa-7kdb
Summary
Cross-site Scripting
There is Stored XSS in Subrion via the admin panel URL configuration.
Aliases
0
alias CVE-2018-16327
1
alias GHSA-9738-c49q-4rgc
Fixed_packages
Affected_packages
0
url pkg:composer/intelliants/subrion@4.2.1
purl pkg:composer/intelliants/subrion@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3bwe-5b6b-a7e2
1
vulnerability VCID-3h1n-dvmt-5qhz
2
vulnerability VCID-3hbd-spm4-2kaz
3
vulnerability VCID-44kx-4nnh-4bdf
4
vulnerability VCID-51fa-htgd-pkd7
5
vulnerability VCID-7yej-24pb-d3dm
6
vulnerability VCID-8g7b-wfgz-77f1
7
vulnerability VCID-8gvw-wym4-qufa
8
vulnerability VCID-8n55-g9s6-5qbz
9
vulnerability VCID-94z6-as1s-pkem
10
vulnerability VCID-9fac-c1gc-jbft
11
vulnerability VCID-9hkc-qw4n-t7at
12
vulnerability VCID-abws-hvpw-myfy
13
vulnerability VCID-by36-7n26-g7cc
14
vulnerability VCID-cjhs-mtaa-7kdb
15
vulnerability VCID-dj4m-68tg-vub2
16
vulnerability VCID-ekj6-hqpd-5ybq
17
vulnerability VCID-f7sw-fp56-hudc
18
vulnerability VCID-fc5n-dcez-93fn
19
vulnerability VCID-gmvv-sz8z-ebgp
20
vulnerability VCID-hay9-1wuc-s3b1
21
vulnerability VCID-j2eh-myxv-abbm
22
vulnerability VCID-j8ge-mhfk-ebd9
23
vulnerability VCID-jqzh-mw8h-23bv
24
vulnerability VCID-ng2d-pg2s-2fac
25
vulnerability VCID-ngpm-xvdu-sybs
26
vulnerability VCID-q9uf-qqfn-n7gr
27
vulnerability VCID-qwxk-wzqe-7kdp
28
vulnerability VCID-r136-w6fm-t7fc
29
vulnerability VCID-s1ez-jft2-tydn
30
vulnerability VCID-sc65-ev58-2bbk
31
vulnerability VCID-sqbf-5a82-yucu
32
vulnerability VCID-vzeg-42da-euej
33
vulnerability VCID-ydhn-xpam-jqgm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16327
reference_id
reference_type
scores
0
value 0.00219
scoring_system epss
scoring_elements 0.44499
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16327
1
reference_url https://github.com/intelliants/subrion
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/intelliants/subrion
2
reference_url https://github.com/intelliants/subrion/commit/ec8e6e8984eeebfaf0d8022f4c07aa508624ee18
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/intelliants/subrion/commit/ec8e6e8984eeebfaf0d8022f4c07aa508624ee18
3
reference_url https://github.com/intelliants/subrion/issues/771
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/intelliants/subrion/issues/771
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16327
reference_id CVE-2018-16327
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16327
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-cjhs-mtaa-7kdb