Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-umm7-87mq-4yax

Summary OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to unsufficient user input validation and escaping, it is vulnerable to persistant cross-site scripting (XSS). In the web applications users can enter rich text in various places, e.g. for personal notes or in motions. These fields can be used to store arbitrary JavaScript Code that will be executed when other users read the respective text. An attacker could utilize this vulnerability be used to manipulate votes of other users, hijack the moderators session or simply disturb the meeting. The vulnerability was introduced with 6eae497abeab234418dfbd9d299e831eff86ed45 on 16.04.2020, which is first included in the 3.2 release. It has been patched in version 3.3 ( in commit f3809fc8a97ee305d721662a75f788f9e9d21938, merged in master on 20.11.2020).

Aliases

alias	CVE-2020-26280

alias	GHSA-w5wr-98qm-jx92

alias	PYSEC-2020-72

Fixed_packages

url	pkg:pypi/openslides@3.3
purl	pkg:pypi/openslides@3.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@3.3

Affected_packages

url pkg:pypi/openslides@1.3rc1

purl pkg:pypi/openslides@1.3rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.3rc1

url pkg:pypi/openslides@1.3

purl pkg:pypi/openslides@1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.3

url pkg:pypi/openslides@1.3.1

purl pkg:pypi/openslides@1.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.3.1

url pkg:pypi/openslides@1.4

purl pkg:pypi/openslides@1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.4

url pkg:pypi/openslides@1.4.1

purl pkg:pypi/openslides@1.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.4.1

url pkg:pypi/openslides@1.4.2

purl pkg:pypi/openslides@1.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.4.2

url pkg:pypi/openslides@1.5

purl pkg:pypi/openslides@1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.5

url pkg:pypi/openslides@1.5.1

purl pkg:pypi/openslides@1.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.5.1

url pkg:pypi/openslides@1.6

purl pkg:pypi/openslides@1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.6

url pkg:pypi/openslides@1.6.1

purl pkg:pypi/openslides@1.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.6.1

url pkg:pypi/openslides@1.7

purl pkg:pypi/openslides@1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.7

url pkg:pypi/openslides@2.0

purl pkg:pypi/openslides@2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.0

url pkg:pypi/openslides@2.1b1

purl pkg:pypi/openslides@2.1b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.1b1

url pkg:pypi/openslides@2.1b2

purl pkg:pypi/openslides@2.1b2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.1b2

url pkg:pypi/openslides@2.1b3

purl pkg:pypi/openslides@2.1b3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.1b3

url pkg:pypi/openslides@2.1b4

purl pkg:pypi/openslides@2.1b4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.1b4

url pkg:pypi/openslides@2.1

purl pkg:pypi/openslides@2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.1

url pkg:pypi/openslides@2.1.1

purl pkg:pypi/openslides@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.1.1

url pkg:pypi/openslides@2.2b1

purl pkg:pypi/openslides@2.2b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.2b1

url pkg:pypi/openslides@2.2b2

purl pkg:pypi/openslides@2.2b2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.2b2

url pkg:pypi/openslides@2.2b3

purl pkg:pypi/openslides@2.2b3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.2b3

url pkg:pypi/openslides@2.2

purl pkg:pypi/openslides@2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.2

url pkg:pypi/openslides@2.3b1

purl pkg:pypi/openslides@2.3b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.3b1

url pkg:pypi/openslides@2.3

purl pkg:pypi/openslides@2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.3

url pkg:pypi/openslides@3.0

purl pkg:pypi/openslides@3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@3.0

url pkg:pypi/openslides@3.1

purl pkg:pypi/openslides@3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@3.1

url pkg:pypi/openslides@3.2

purl pkg:pypi/openslides@3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-umm7-87mq-4yax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@3.2

References

reference_url	https://github.com/OpenSlides/OpenSlides/blob/master/CHANGELOG.rst#version-33-2020-12-18
reference_id
reference_type
scores
url	https://github.com/OpenSlides/OpenSlides/blob/master/CHANGELOG.rst#version-33-2020-12-18

reference_url	https://github.com/OpenSlides/OpenSlides/commit/f3809fc8a97ee305d721662a75f788f9e9d21938
reference_id
reference_type
scores
url	https://github.com/OpenSlides/OpenSlides/commit/f3809fc8a97ee305d721662a75f788f9e9d21938

reference_url	https://github.com/OpenSlides/OpenSlides/pull/5714
reference_id
reference_type
scores
url	https://github.com/OpenSlides/OpenSlides/pull/5714

reference_url	https://github.com/OpenSlides/OpenSlides/security/advisories/GHSA-w5wr-98qm-jx92
reference_id
reference_type
scores
url	https://github.com/OpenSlides/OpenSlides/security/advisories/GHSA-w5wr-98qm-jx92

reference_url	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-043.txt
reference_id
reference_type
scores
url	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-043.txt

Weaknesses

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umm7-87mq-4yax

Vulnerability Instance