Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-y1nb-prqc-suaj
Summary
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the Enhanced Image plugin for CKEditor.
Aliases
0
alias CVE-2018-9861
Fixed_packages
0
url pkg:composer/drupal/core@8.4.7
purl pkg:composer/drupal/core@8.4.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.7
1
url pkg:composer/drupal/core@8.5.2
purl pkg:composer/drupal/core@8.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.2
2
url pkg:composer/drupal/drupal@8.4.7
purl pkg:composer/drupal/drupal@8.4.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7
3
url pkg:composer/drupal/drupal@8.5.2
purl pkg:composer/drupal/drupal@8.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2
4
url pkg:npm/ckeditor-dev@4.9.2
purl pkg:npm/ckeditor-dev@4.9.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor-dev@4.9.2
Affected_packages
0
url pkg:composer/drupal/core@8.0.0
purl pkg:composer/drupal/core@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-fmjz-nkby
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4dpp-gg2v-q3et
6
vulnerability VCID-56ze-2yw2-bfh8
7
vulnerability VCID-5c5c-m7ba-kqct
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9nk8-dban-g7h9
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a4u4-ga84-wyf9
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ah3h-t9qa-gudr
14
vulnerability VCID-ard5-3cjv-1beu
15
vulnerability VCID-asm8-guag-b3ep
16
vulnerability VCID-avmn-kqky-83dd
17
vulnerability VCID-ay6b-1a7z-qkas
18
vulnerability VCID-bq2j-t19h-zyad
19
vulnerability VCID-dav9-pgdh-8yey
20
vulnerability VCID-dyhz-g3nv-yuc3
21
vulnerability VCID-e12q-qavs-qybu
22
vulnerability VCID-e8un-nbkk-cbf9
23
vulnerability VCID-egtv-y9w1-skgr
24
vulnerability VCID-jrhg-3271-tqdy
25
vulnerability VCID-kzrs-mrga-nyej
26
vulnerability VCID-mm13-6dhq-nqfb
27
vulnerability VCID-myja-t33q-q3cv
28
vulnerability VCID-nacy-y1qt-5yhb
29
vulnerability VCID-ng6g-hvc2-bkg4
30
vulnerability VCID-p54u-b18k-jyft
31
vulnerability VCID-pgnc-fq4m-3kaz
32
vulnerability VCID-pmmq-8s2m-h7dp
33
vulnerability VCID-pnme-dc73-efcb
34
vulnerability VCID-qsuc-53pg-zkda
35
vulnerability VCID-rd4g-h1j9-23cb
36
vulnerability VCID-rsc6-y1uv-6bfq
37
vulnerability VCID-t89y-c9hq-9bhk
38
vulnerability VCID-ta99-gcmk-2qc8
39
vulnerability VCID-tpzm-u3qp-akc8
40
vulnerability VCID-w4ks-ufnz-vfav
41
vulnerability VCID-wapd-e3mu-sffn
42
vulnerability VCID-wsv7-je8g-sqet
43
vulnerability VCID-wszp-2es5-z7fy
44
vulnerability VCID-x34m-u169-1bce
45
vulnerability VCID-y1nb-prqc-suaj
46
vulnerability VCID-yq4q-hydz-vuga
47
vulnerability VCID-yygb-pp11-5udj
48
vulnerability VCID-zqer-y4s4-hqhy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0
1
url pkg:composer/drupal/core@8.5.0
purl pkg:composer/drupal/core@8.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4dpp-gg2v-q3et
1
vulnerability VCID-84eq-cq89-9qhm
2
vulnerability VCID-a4u4-ga84-wyf9
3
vulnerability VCID-e69p-v2ws-vufj
4
vulnerability VCID-pmmq-8s2m-h7dp
5
vulnerability VCID-y1nb-prqc-suaj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.0
2
url pkg:composer/drupal/drupal@8.0.0
purl pkg:composer/drupal/drupal@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-fmjz-nkby
1
vulnerability VCID-31qy-vagp-83b6
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-56ze-2yw2-bfh8
4
vulnerability VCID-5c5c-m7ba-kqct
5
vulnerability VCID-6rtn-zphz-sydn
6
vulnerability VCID-9nk8-dban-g7h9
7
vulnerability VCID-a4u4-ga84-wyf9
8
vulnerability VCID-a7ss-tkb6-gkge
9
vulnerability VCID-ah3h-t9qa-gudr
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-asm8-guag-b3ep
12
vulnerability VCID-avmn-kqky-83dd
13
vulnerability VCID-ay6b-1a7z-qkas
14
vulnerability VCID-bndv-n7w9-43b4
15
vulnerability VCID-bq2j-t19h-zyad
16
vulnerability VCID-dnc7-jg8m-8fh3
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-e8un-nbkk-cbf9
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-eyew-pw17-ryfj
21
vulnerability VCID-ks17-b29e-73au
22
vulnerability VCID-mm13-6dhq-nqfb
23
vulnerability VCID-mscp-wvvx-zfh3
24
vulnerability VCID-n5n3-p5yy-13d9
25
vulnerability VCID-nacy-y1qt-5yhb
26
vulnerability VCID-ng6g-hvc2-bkg4
27
vulnerability VCID-nn8g-m52e-5kfe
28
vulnerability VCID-pmmq-8s2m-h7dp
29
vulnerability VCID-pnme-dc73-efcb
30
vulnerability VCID-r4ja-mndm-uyge
31
vulnerability VCID-rd4g-h1j9-23cb
32
vulnerability VCID-rsc6-y1uv-6bfq
33
vulnerability VCID-s5qd-cpvc-c3cd
34
vulnerability VCID-ta99-gcmk-2qc8
35
vulnerability VCID-tbah-jrah-a3fg
36
vulnerability VCID-tbk2-zprq-27c8
37
vulnerability VCID-tpzm-u3qp-akc8
38
vulnerability VCID-w3x8-db6e-kued
39
vulnerability VCID-w4ks-ufnz-vfav
40
vulnerability VCID-wapd-e3mu-sffn
41
vulnerability VCID-wsv7-je8g-sqet
42
vulnerability VCID-wszp-2es5-z7fy
43
vulnerability VCID-x34m-u169-1bce
44
vulnerability VCID-y1nb-prqc-suaj
45
vulnerability VCID-zqer-y4s4-hqhy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0
3
url pkg:composer/drupal/drupal@8.5.0
purl pkg:composer/drupal/drupal@8.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a4u4-ga84-wyf9
1
vulnerability VCID-e69p-v2ws-vufj
2
vulnerability VCID-pmmq-8s2m-h7dp
3
vulnerability VCID-r4ja-mndm-uyge
4
vulnerability VCID-y1nb-prqc-suaj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.0
4
url pkg:npm/ckeditor-dev@4.5.10
purl pkg:npm/ckeditor-dev@4.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y1nb-prqc-suaj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor-dev@4.5.10
References
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-9861
reference_id CVE-2018-9861
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-9861
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-y1nb-prqc-suaj