Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ewwn-e3cz-2fdh
Summary
Security researcher Nikita Arykov reported that JavaScript event
handler attributes on a <marquee> tag will execute inside a sandboxed
iframe that does not have the allow-scripts flag set. This could result in a cross-site
scripting (XSS) vulnerability in a site that depends on the iframe sandbox for
sanitization and does no other content filtering.
Aliases
0
alias CVE-2016-5262
Fixed_packages
0
url pkg:mozilla/Firefox@48.0.0
purl pkg:mozilla/Firefox@48.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@48.0.0
1
url pkg:mozilla/Firefox%20ESR@45.3.0
purl pkg:mozilla/Firefox%20ESR@45.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@45.3.0
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5262
reference_id CVE-2016-5262
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5262
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-76
reference_id mfsa2016-76
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-76
Weaknesses
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ewwn-e3cz-2fdh