Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/33340?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33340?format=api", "vulnerability_id": "VCID-xw77-b18v-8kc4", "summary": "Reflected XSS in SilverStripe\nSilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.", "aliases": [ { "alias": "CVE-2019-19325" }, { "alias": "GHSA-qvrv-2x7x-78x2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73130?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/200887?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73129?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26303?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6xwk-ee7f-5ubd" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/81942?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/195904?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195905?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/195906?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/73304?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/142288?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/200888?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.1" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58109", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.57999", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58083", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58104", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58079", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58133", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58137", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58153", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.5813", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19325" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19325.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19325.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/49fda52b12ba59f0a04bcabf78425586a8779e89", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/49fda52b12ba59f0a04bcabf78425586a8779e89" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19325", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19325" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325/", "reference_id": "CVE-2019-19325", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325/" }, { "reference_url": "https://github.com/advisories/GHSA-qvrv-2x7x-78x2", "reference_id": "GHSA-qvrv-2x7x-78x2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvrv-2x7x-78x2" } ], "weaknesses": [ { "cwe_id": 78, "name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "description": "The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component." }, { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xw77-b18v-8kc4" }