Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-hawk-pzyk-ybgv
Summary
Security researcher Jordi Chancel discovered a method to put
arbitrary HTML content within <select> elements and place it in arbitrary
locations. This can be used to spoof the displayed addressbar, leading to
clickjacking and other spoofing attacks.
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts.
Aliases
0
alias CVE-2013-5593
Fixed_packages
0
url pkg:mozilla/Firefox@25.0.0
purl pkg:mozilla/Firefox@25.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@25.0.0
1
url pkg:mozilla/Firefox%20ESR@24.1.0
purl pkg:mozilla/Firefox%20ESR@24.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.1.0
2
url pkg:mozilla/Seamonkey@2.22.0
purl pkg:mozilla/Seamonkey@2.22.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.22.0
3
url pkg:mozilla/Thunderbird@24.1.0
purl pkg:mozilla/Thunderbird@24.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.1.0
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5593
reference_id CVE-2013-5593
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5593
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2013-94
reference_id mfsa2013-94
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2013-94
Weaknesses
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-hawk-pzyk-ybgv