Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/40440?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40440?format=api", "vulnerability_id": "VCID-qxab-9uwr-yqhv", "summary": "Cross-site Scripting\nCKEditor allows user-assisted XSS involving a source-mode paste.", "aliases": [ { "alias": "CVE-2018-17960" }, { "alias": "GHSA-g68x-vvqq-pvw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/57058?format=api", "purl": "pkg:composer/typo3/cms-core@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57059?format=api", "purl": "pkg:composer/typo3/cms-core@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/57026?format=api", "purl": "pkg:npm/ckeditor@4.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor@4.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/57030?format=api", "purl": "pkg:npm/ckeditor4@4.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e4fg-q8d2-pkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.13.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52638?format=api", "purl": "pkg:composer/typo3/cms@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-2vpx-fqb6-aqfa" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-3ugj-6m1e-e3hr" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-66ru-n2df-b3ay" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7ch1-q9f4-a7bt" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-953t-q1cr-zyd6" }, { "vulnerability": "VCID-9saf-w56y-pugz" }, { "vulnerability": "VCID-abjx-8v46-d7d8" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bn3p-39sv-6fdg" }, { "vulnerability": "VCID-bq2j-t19h-zyad" }, { "vulnerability": "VCID-d6c2-upx1-e7cd" }, { "vulnerability": "VCID-dsqm-9q3e-dudw" }, { "vulnerability": "VCID-e564-zdku-9fc6" }, { "vulnerability": "VCID-emqq-kwjg-3kfk" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-fdnw-2tz5-4fdr" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-gk79-jtuz-myh6" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7cg-64er-uya9" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hp99-ncuh-6ugv" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jq5y-7h9g-mufa" }, { "vulnerability": "VCID-jqe4-8hzb-mfea" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-mctp-nf36-7qdn" }, { "vulnerability": "VCID-njsj-bwjq-fyap" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-q52p-xfj8-gygd" }, { "vulnerability": "VCID-qxab-9uwr-yqhv" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-sy7r-d6pv-yba9" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-wy45-2gmr-fkfg" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xh68-defe-f7ce" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-ygw4-jdqu-4fbt" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-yz6t-ge1y-qfgr" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/55352?format=api", "purl": "pkg:composer/typo3/cms@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-3ugj-6m1e-e3hr" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-4jck-w9ct-budk" }, { "vulnerability": "VCID-7ch1-q9f4-a7bt" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-953t-q1cr-zyd6" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-abjx-8v46-d7d8" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-dsqm-9q3e-dudw" }, { "vulnerability": "VCID-emqq-kwjg-3kfk" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-hp99-ncuh-6ugv" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-je4q-svfw-hqda" }, { "vulnerability": "VCID-jq5y-7h9g-mufa" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-njsj-bwjq-fyap" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-qxab-9uwr-yqhv" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-w1wb-mq2y-dfca" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-yz6t-ge1y-qfgr" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/56072?format=api", "purl": "pkg:composer/typo3/cms-core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1knh-es99-dubw" }, { "vulnerability": "VCID-1prg-c74k-37ec" }, { "vulnerability": "VCID-2m67-xdxz-ryc2" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-6ffw-r4k7-5qf8" }, { "vulnerability": "VCID-6q7t-kdrg-8qc3" }, { "vulnerability": "VCID-6rgp-dzw1-kycx" }, { "vulnerability": "VCID-7ch1-q9f4-a7bt" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-82ds-xda8-5ye4" }, { "vulnerability": "VCID-8sek-v483-8ueu" }, { "vulnerability": "VCID-b92x-56ng-3ygy" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-cg7w-xkyg-abgj" }, { "vulnerability": "VCID-cv9x-ea8e-pufu" }, { "vulnerability": "VCID-daz8-j1ns-rkgt" }, { "vulnerability": "VCID-e8ze-umec-a7hx" }, { "vulnerability": "VCID-e9jc-8mpp-fkgh" }, { "vulnerability": "VCID-hfcx-1kuh-p3ez" }, { "vulnerability": "VCID-hnyk-614g-yuhy" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-k8r2-2ak8-qkak" }, { "vulnerability": "VCID-n56h-zuzr-ruhf" }, { "vulnerability": "VCID-nyw8-q5ef-2fcv" }, { "vulnerability": "VCID-pwh8-c992-vqav" }, { "vulnerability": "VCID-qr1u-kcn9-cuf6" }, { "vulnerability": "VCID-qxab-9uwr-yqhv" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uaf3-fyst-u7gm" }, { "vulnerability": "VCID-uncp-sa58-ufdd" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-wm4a-hcvt-vkbk" }, { "vulnerability": "VCID-y3zj-acc7-jkau" }, { "vulnerability": "VCID-z2bk-m2kw-h3c9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/56073?format=api", "purl": "pkg:composer/typo3/cms-core@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1knh-es99-dubw" }, { "vulnerability": "VCID-1prg-c74k-37ec" }, { "vulnerability": "VCID-23ss-xwrm-1qcu" }, { "vulnerability": "VCID-2m67-xdxz-ryc2" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-6ffw-r4k7-5qf8" }, { "vulnerability": "VCID-6q7t-kdrg-8qc3" }, { "vulnerability": "VCID-6rgp-dzw1-kycx" }, { "vulnerability": "VCID-7ch1-q9f4-a7bt" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-82ds-xda8-5ye4" }, { "vulnerability": "VCID-8sek-v483-8ueu" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-cf9m-qdyj-eyav" }, { "vulnerability": "VCID-cv9x-ea8e-pufu" }, { "vulnerability": "VCID-daz8-j1ns-rkgt" }, { "vulnerability": "VCID-e8ze-umec-a7hx" }, { "vulnerability": "VCID-e9jc-8mpp-fkgh" }, { "vulnerability": "VCID-efrn-3w2z-xyaf" }, { "vulnerability": "VCID-hfcx-1kuh-p3ez" }, { "vulnerability": "VCID-hnyk-614g-yuhy" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-k8r2-2ak8-qkak" }, { "vulnerability": "VCID-n56h-zuzr-ruhf" }, { "vulnerability": "VCID-nyw8-q5ef-2fcv" }, { "vulnerability": "VCID-pwh8-c992-vqav" }, { "vulnerability": "VCID-qr1u-kcn9-cuf6" }, { "vulnerability": "VCID-qxab-9uwr-yqhv" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uaf3-fyst-u7gm" }, { "vulnerability": "VCID-uncp-sa58-ufdd" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-v7b1-x8hy-2kcg" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-wm4a-hcvt-vkbk" }, { "vulnerability": "VCID-x5jb-yj3d-qbdf" }, { "vulnerability": "VCID-y3zj-acc7-jkau" }, { "vulnerability": "VCID-z2bk-m2kw-h3c9" }, { "vulnerability": "VCID-zbm9-cx69-wqg3" }, { "vulnerability": "VCID-zhcb-h8ph-7uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/57025?format=api", "purl": "pkg:npm/ckeditor@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mmd-x6ge-fuaw" }, { "vulnerability": "VCID-2nbt-ysxu-d3bu" }, { "vulnerability": "VCID-fm9y-ujc1-qbaq" }, { "vulnerability": "VCID-qxab-9uwr-yqhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor@4.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/57029?format=api", "purl": "pkg:npm/ckeditor4@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mmd-x6ge-fuaw" }, { "vulnerability": "VCID-2nbt-ysxu-d3bu" }, { "vulnerability": "VCID-cbgv-19kg-z7a9" }, { "vulnerability": "VCID-fm9y-ujc1-qbaq" }, { "vulnerability": "VCID-qxab-9uwr-yqhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.0.0" } ], "references": [ { "reference_url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/" }, { "reference_url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-005" }, { "reference_url": "https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17960", "reference_id": "CVE-2018-17960", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17960" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml", "reference_id": "CVE-2018-17960.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml", "reference_id": "CVE-2018-17960.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-g68x-vvqq-pvw3", "reference_id": "GHSA-g68x-vvqq-pvw3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g68x-vvqq-pvw3" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxab-9uwr-yqhv" }