Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/35694?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35694?format=api", "vulnerability_id": "VCID-umm7-87mq-4yax", "summary": "OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to unsufficient user input validation and escaping, it is vulnerable to persistant cross-site scripting (XSS). In the web applications users can enter rich text in various places, e.g. for personal notes or in motions. These fields can be used to store arbitrary JavaScript Code that will be executed when other users read the respective text. An attacker could utilize this vulnerability be used to manipulate votes of other users, hijack the moderators session or simply disturb the meeting. The vulnerability was introduced with 6eae497abeab234418dfbd9d299e831eff86ed45 on 16.04.2020, which is first included in the 3.2 release. It has been patched in version 3.3 ( in commit f3809fc8a97ee305d721662a75f788f9e9d21938, merged in master on 20.11.2020).", "aliases": [ { "alias": "CVE-2020-26280" }, { "alias": "GHSA-w5wr-98qm-jx92" }, { "alias": "PYSEC-2020-72" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19359?format=api", "purl": "pkg:pypi/openslides@3.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@3.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19332?format=api", "purl": "pkg:pypi/openslides@1.3rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.3rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19333?format=api", "purl": "pkg:pypi/openslides@1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/19334?format=api", "purl": "pkg:pypi/openslides@1.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19335?format=api", "purl": "pkg:pypi/openslides@1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/19336?format=api", "purl": "pkg:pypi/openslides@1.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19337?format=api", "purl": "pkg:pypi/openslides@1.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/19338?format=api", "purl": "pkg:pypi/openslides@1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/19339?format=api", "purl": "pkg:pypi/openslides@1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19340?format=api", "purl": "pkg:pypi/openslides@1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/19341?format=api", "purl": "pkg:pypi/openslides@1.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19342?format=api", "purl": "pkg:pypi/openslides@1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/19343?format=api", "purl": "pkg:pypi/openslides@2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19344?format=api", "purl": "pkg:pypi/openslides@2.1b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.1b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19345?format=api", "purl": "pkg:pypi/openslides@2.1b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.1b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/19346?format=api", "purl": "pkg:pypi/openslides@2.1b3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.1b3" }, { "url": "http://public2.vulnerablecode.io/api/packages/19347?format=api", "purl": "pkg:pypi/openslides@2.1b4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.1b4" }, { "url": "http://public2.vulnerablecode.io/api/packages/19348?format=api", "purl": "pkg:pypi/openslides@2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19349?format=api", "purl": "pkg:pypi/openslides@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19350?format=api", "purl": "pkg:pypi/openslides@2.2b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.2b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19351?format=api", "purl": "pkg:pypi/openslides@2.2b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.2b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/19352?format=api", "purl": "pkg:pypi/openslides@2.2b3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.2b3" }, { "url": "http://public2.vulnerablecode.io/api/packages/19353?format=api", "purl": "pkg:pypi/openslides@2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/19354?format=api", "purl": "pkg:pypi/openslides@2.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.3b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19355?format=api", "purl": "pkg:pypi/openslides@2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/19356?format=api", "purl": "pkg:pypi/openslides@3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19357?format=api", "purl": "pkg:pypi/openslides@3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19358?format=api", "purl": "pkg:pypi/openslides@3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-umm7-87mq-4yax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openslides@3.2" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64941", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26280" }, { "reference_url": "https://github.com/OpenSlides/OpenSlides/blob/master/CHANGELOG.rst#version-33-2020-12-18", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/OpenSlides/OpenSlides/blob/master/CHANGELOG.rst#version-33-2020-12-18" }, { "reference_url": "https://github.com/OpenSlides/OpenSlides/commit/f3809fc8a97ee305d721662a75f788f9e9d21938", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/OpenSlides/OpenSlides/commit/f3809fc8a97ee305d721662a75f788f9e9d21938" }, { "reference_url": "https://github.com/OpenSlides/OpenSlides/pull/5714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/OpenSlides/OpenSlides/pull/5714" }, { "reference_url": "https://github.com/OpenSlides/OpenSlides/security/advisories/GHSA-w5wr-98qm-jx92", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/OpenSlides/OpenSlides/security/advisories/GHSA-w5wr-98qm-jx92" }, { "reference_url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-043.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-043.txt" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-umm7-87mq-4yax" }