VulnerableCode.io REST API

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2563?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2563?format=api",
    "vulnerability_id": "VCID-x41m-aspw-53gp",
    "summary": "Paul Nickerson demonstrated that if an attacker could convince a user\nto right-click on a broken image and choose \"View Image\" from the context\nmenu then he could get javascript to run on a site of the attacker's choosing\nby making the image src attribute a javascript: URL and loading the target\nsite on mousedown. This could be used to steal login cookies or other\nconfidential information from the target site.Similarly, if a user could be convinced to right-click and choose\n\"Show only this frame\" on a frame whose src attribute is a javascript: URL\nthen that script would run in the context of the framing site. In order\nfor this variant to be effective not only would you have to convince the\nuser to view the frame, you would have to find an interesting target\nsite that can be made to host a frame of the attacker's choosing.",
    "aliases": [
        {
            "alias": "CVE-2006-2785"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api",
            "purl": "pkg:mozilla/SeaMonkey@1.0.2",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785",
            "reference_id": "CVE-2006-2785",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-34",
            "reference_id": "mfsa2006-34",
            "reference_type": "",
            "scores": [
                {
                    "value": "none",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-34"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x41m-aspw-53gp"
}

Vulnerability Instance