Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-uvgt-7m5a-xkdc
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.
Aliases
0
alias CVE-2014-9059
1
alias GHSA-crcq-pw8h-9xwf
Fixed_packages
0
url pkg:composer/moodle/moodle@2.5.9
purl pkg:composer/moodle/moodle@2.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-37pj-u3gh-n7fd
2
vulnerability VCID-65y9-9ur2-pugc
3
vulnerability VCID-83kb-4mk9-t7ge
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-ajkr-fxa1-mkhk
6
vulnerability VCID-an53-nu91-k3d7
7
vulnerability VCID-bjnq-q2nd-1khp
8
vulnerability VCID-duna-st9c-mqbk
9
vulnerability VCID-eaqp-7abt-6kg9
10
vulnerability VCID-eu27-a3px-87ed
11
vulnerability VCID-fsex-f512-pudv
12
vulnerability VCID-hbky-xx53-vkct
13
vulnerability VCID-jcq6-btgz-fkf6
14
vulnerability VCID-k1bh-ymgt-e7cd
15
vulnerability VCID-k6pw-51st-b3d2
16
vulnerability VCID-k73h-z6j8-gkgz
17
vulnerability VCID-m3np-aebb-8qaa
18
vulnerability VCID-m4zv-e3dn-budf
19
vulnerability VCID-mkfz-e1ft-2bcw
20
vulnerability VCID-nntc-dsz1-e3fp
21
vulnerability VCID-qhv1-wgpm-7fh6
22
vulnerability VCID-r6kn-b963-eqge
23
vulnerability VCID-s6uu-335k-yfbc
24
vulnerability VCID-uptz-tj66-7yfk
25
vulnerability VCID-vb67-yux5-ayhf
26
vulnerability VCID-vfp6-4h8n-bkax
27
vulnerability VCID-w9ca-exua-g7ar
28
vulnerability VCID-x7rg-rsb5-pya7
29
vulnerability VCID-xmm4-zw49-3feh
30
vulnerability VCID-y8up-cqtu-jkdw
31
vulnerability VCID-yghg-775s-vber
32
vulnerability VCID-zjrq-np3y-hua5
33
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9
1
url pkg:composer/moodle/moodle@2.6.6
purl pkg:composer/moodle/moodle@2.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-37pj-u3gh-n7fd
2
vulnerability VCID-65y9-9ur2-pugc
3
vulnerability VCID-83kb-4mk9-t7ge
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-ajkr-fxa1-mkhk
6
vulnerability VCID-an53-nu91-k3d7
7
vulnerability VCID-bjnq-q2nd-1khp
8
vulnerability VCID-duna-st9c-mqbk
9
vulnerability VCID-eaqp-7abt-6kg9
10
vulnerability VCID-eu27-a3px-87ed
11
vulnerability VCID-fsex-f512-pudv
12
vulnerability VCID-jcq6-btgz-fkf6
13
vulnerability VCID-k1bh-ymgt-e7cd
14
vulnerability VCID-k6pw-51st-b3d2
15
vulnerability VCID-k73h-z6j8-gkgz
16
vulnerability VCID-m3np-aebb-8qaa
17
vulnerability VCID-m4zv-e3dn-budf
18
vulnerability VCID-mkfz-e1ft-2bcw
19
vulnerability VCID-nntc-dsz1-e3fp
20
vulnerability VCID-qhv1-wgpm-7fh6
21
vulnerability VCID-r6kn-b963-eqge
22
vulnerability VCID-s6uu-335k-yfbc
23
vulnerability VCID-vb67-yux5-ayhf
24
vulnerability VCID-vfp6-4h8n-bkax
25
vulnerability VCID-w9ca-exua-g7ar
26
vulnerability VCID-x7rg-rsb5-pya7
27
vulnerability VCID-xmm4-zw49-3feh
28
vulnerability VCID-y8up-cqtu-jkdw
29
vulnerability VCID-yghg-775s-vber
30
vulnerability VCID-zjrq-np3y-hua5
31
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6
2
url pkg:composer/moodle/moodle@2.7.3
purl pkg:composer/moodle/moodle@2.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-2s6b-tp6p-gue1
2
vulnerability VCID-37pj-u3gh-n7fd
3
vulnerability VCID-4kq5-ctsv-eka8
4
vulnerability VCID-5rbf-4dz3-2qdz
5
vulnerability VCID-65y9-9ur2-pugc
6
vulnerability VCID-83kb-4mk9-t7ge
7
vulnerability VCID-a6pb-47tu-afcg
8
vulnerability VCID-ajkr-fxa1-mkhk
9
vulnerability VCID-an53-nu91-k3d7
10
vulnerability VCID-bjnq-q2nd-1khp
11
vulnerability VCID-dhku-uah4-ykh8
12
vulnerability VCID-duna-st9c-mqbk
13
vulnerability VCID-eaqp-7abt-6kg9
14
vulnerability VCID-eu27-a3px-87ed
15
vulnerability VCID-fsex-f512-pudv
16
vulnerability VCID-jcq6-btgz-fkf6
17
vulnerability VCID-k1bh-ymgt-e7cd
18
vulnerability VCID-k6pw-51st-b3d2
19
vulnerability VCID-k73h-z6j8-gkgz
20
vulnerability VCID-kgvw-uxf4-wbc1
21
vulnerability VCID-m3np-aebb-8qaa
22
vulnerability VCID-m4zv-e3dn-budf
23
vulnerability VCID-mkfz-e1ft-2bcw
24
vulnerability VCID-nntc-dsz1-e3fp
25
vulnerability VCID-qhv1-wgpm-7fh6
26
vulnerability VCID-r6kn-b963-eqge
27
vulnerability VCID-s3ue-e5h8-f3dy
28
vulnerability VCID-s6uu-335k-yfbc
29
vulnerability VCID-vb67-yux5-ayhf
30
vulnerability VCID-vfp6-4h8n-bkax
31
vulnerability VCID-vtq4-fpr8-hudb
32
vulnerability VCID-w9ca-exua-g7ar
33
vulnerability VCID-x7rg-rsb5-pya7
34
vulnerability VCID-xmm4-zw49-3feh
35
vulnerability VCID-y8up-cqtu-jkdw
36
vulnerability VCID-yghg-775s-vber
37
vulnerability VCID-zjrq-np3y-hua5
38
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3
Affected_packages
0
url pkg:composer/moodle/moodle@2.6.0
purl pkg:composer/moodle/moodle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ehh-qz6c-ykhp
1
vulnerability VCID-1rar-m2g3-27ag
2
vulnerability VCID-1whm-dsv7-t7gm
3
vulnerability VCID-29yj-e9bd-queq
4
vulnerability VCID-2s6b-tp6p-gue1
5
vulnerability VCID-37pj-u3gh-n7fd
6
vulnerability VCID-3xwm-hqap-8bct
7
vulnerability VCID-4v57-bu85-syhr
8
vulnerability VCID-4xqt-yugc-qufr
9
vulnerability VCID-5c29-qn3p-3yde
10
vulnerability VCID-5ru2-1n1f-afa4
11
vulnerability VCID-65y9-9ur2-pugc
12
vulnerability VCID-6v43-drd7-ufd7
13
vulnerability VCID-7g7m-bu5q-gbcx
14
vulnerability VCID-7x8g-tdd5-kqbs
15
vulnerability VCID-83kb-4mk9-t7ge
16
vulnerability VCID-88pw-zwqn-cqfd
17
vulnerability VCID-8q4n-d565-kfbn
18
vulnerability VCID-a6pb-47tu-afcg
19
vulnerability VCID-ajkr-fxa1-mkhk
20
vulnerability VCID-an53-nu91-k3d7
21
vulnerability VCID-bfmx-cwap-8yhp
22
vulnerability VCID-bjnq-q2nd-1khp
23
vulnerability VCID-cvqm-kjhx-q7ej
24
vulnerability VCID-czph-uxwr-5uge
25
vulnerability VCID-duna-st9c-mqbk
26
vulnerability VCID-ea5s-xphb-6ub7
27
vulnerability VCID-eaqp-7abt-6kg9
28
vulnerability VCID-eu27-a3px-87ed
29
vulnerability VCID-fs9k-21es-rygd
30
vulnerability VCID-fsex-f512-pudv
31
vulnerability VCID-fumj-9pun-zfc5
32
vulnerability VCID-gdz8-d8j3-nqdh
33
vulnerability VCID-h8xn-n98n-qqdv
34
vulnerability VCID-hbky-xx53-vkct
35
vulnerability VCID-hck4-emsr-q7dc
36
vulnerability VCID-j3t3-svwb-p7bn
37
vulnerability VCID-jcq6-btgz-fkf6
38
vulnerability VCID-k1bh-ymgt-e7cd
39
vulnerability VCID-k6pw-51st-b3d2
40
vulnerability VCID-k73h-z6j8-gkgz
41
vulnerability VCID-krn6-pwk5-ake2
42
vulnerability VCID-kzwd-2e6n-fkbm
43
vulnerability VCID-m3np-aebb-8qaa
44
vulnerability VCID-m4zv-e3dn-budf
45
vulnerability VCID-mkfz-e1ft-2bcw
46
vulnerability VCID-nntc-dsz1-e3fp
47
vulnerability VCID-q3wv-9hj6-vbgt
48
vulnerability VCID-qhv1-wgpm-7fh6
49
vulnerability VCID-qpu2-8paz-7ydv
50
vulnerability VCID-qxyw-7hnt-hqd6
51
vulnerability VCID-r6kn-b963-eqge
52
vulnerability VCID-r88h-mteg-yka9
53
vulnerability VCID-rdfn-52p2-afa7
54
vulnerability VCID-s5cy-eva4-wbaf
55
vulnerability VCID-s6uu-335k-yfbc
56
vulnerability VCID-ucg8-htfc-2bhn
57
vulnerability VCID-uptz-tj66-7yfk
58
vulnerability VCID-uvgt-7m5a-xkdc
59
vulnerability VCID-v4qm-48kk-pfaz
60
vulnerability VCID-v7zm-cw8w-6yf8
61
vulnerability VCID-vb67-yux5-ayhf
62
vulnerability VCID-vda3-4fgr-gfbw
63
vulnerability VCID-vfp6-4h8n-bkax
64
vulnerability VCID-vrfy-36yc-muhr
65
vulnerability VCID-vs2j-b4qg-nbgu
66
vulnerability VCID-vwyj-z4gf-8fg5
67
vulnerability VCID-w9ca-exua-g7ar
68
vulnerability VCID-x7rg-rsb5-pya7
69
vulnerability VCID-xmm4-zw49-3feh
70
vulnerability VCID-xnmk-jah2-ufce
71
vulnerability VCID-y8up-cqtu-jkdw
72
vulnerability VCID-yghg-775s-vber
73
vulnerability VCID-zjrq-np3y-hua5
74
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.0
1
url pkg:composer/moodle/moodle@2.7.0
purl pkg:composer/moodle/moodle@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ehh-qz6c-ykhp
1
vulnerability VCID-1rar-m2g3-27ag
2
vulnerability VCID-1z6j-fs6f-eua1
3
vulnerability VCID-29yj-e9bd-queq
4
vulnerability VCID-2dxb-v1af-jbax
5
vulnerability VCID-2s6b-tp6p-gue1
6
vulnerability VCID-2y3m-yuaj-vkf2
7
vulnerability VCID-37j1-ym2f-1fbc
8
vulnerability VCID-37pj-u3gh-n7fd
9
vulnerability VCID-3xwm-hqap-8bct
10
vulnerability VCID-46jw-xjbu-b3f1
11
vulnerability VCID-4cx7-eaax-8uhr
12
vulnerability VCID-4kq5-ctsv-eka8
13
vulnerability VCID-5c29-qn3p-3yde
14
vulnerability VCID-5nfq-4syg-87da
15
vulnerability VCID-5rbf-4dz3-2qdz
16
vulnerability VCID-5vx4-qtb2-fqe9
17
vulnerability VCID-62yh-cpfr-9bb1
18
vulnerability VCID-65y9-9ur2-pugc
19
vulnerability VCID-83kb-4mk9-t7ge
20
vulnerability VCID-8cc1-hbzm-87bx
21
vulnerability VCID-8q4n-d565-kfbn
22
vulnerability VCID-95mq-m2jz-a3ab
23
vulnerability VCID-9z66-z9af-17f7
24
vulnerability VCID-a3pu-x51u-1udr
25
vulnerability VCID-a6pb-47tu-afcg
26
vulnerability VCID-ajkr-fxa1-mkhk
27
vulnerability VCID-an53-nu91-k3d7
28
vulnerability VCID-aqc8-tmeg-9fdd
29
vulnerability VCID-b9ej-hx7z-1bb8
30
vulnerability VCID-bfmx-cwap-8yhp
31
vulnerability VCID-bjnq-q2nd-1khp
32
vulnerability VCID-czph-uxwr-5uge
33
vulnerability VCID-d3yp-gq4c-vyf8
34
vulnerability VCID-dhku-uah4-ykh8
35
vulnerability VCID-duna-st9c-mqbk
36
vulnerability VCID-ea5s-xphb-6ub7
37
vulnerability VCID-eaqp-7abt-6kg9
38
vulnerability VCID-emu7-jhv2-zqb8
39
vulnerability VCID-eu27-a3px-87ed
40
vulnerability VCID-evke-m8nn-6ua3
41
vulnerability VCID-fsex-f512-pudv
42
vulnerability VCID-fumj-9pun-zfc5
43
vulnerability VCID-g4hn-yz26-1beb
44
vulnerability VCID-gvan-87dt-b7fp
45
vulnerability VCID-h8xn-n98n-qqdv
46
vulnerability VCID-hbky-xx53-vkct
47
vulnerability VCID-hck4-emsr-q7dc
48
vulnerability VCID-j11s-2mhg-pfdn
49
vulnerability VCID-jcq6-btgz-fkf6
50
vulnerability VCID-k1bh-ymgt-e7cd
51
vulnerability VCID-k6pw-51st-b3d2
52
vulnerability VCID-k73h-z6j8-gkgz
53
vulnerability VCID-kgvw-uxf4-wbc1
54
vulnerability VCID-krn6-pwk5-ake2
55
vulnerability VCID-kzwd-2e6n-fkbm
56
vulnerability VCID-m3np-aebb-8qaa
57
vulnerability VCID-m4zv-e3dn-budf
58
vulnerability VCID-mkfz-e1ft-2bcw
59
vulnerability VCID-n9uc-b76m-8fbs
60
vulnerability VCID-nfdb-m7rg-47ca
61
vulnerability VCID-nntc-dsz1-e3fp
62
vulnerability VCID-qhv1-wgpm-7fh6
63
vulnerability VCID-qxyw-7hnt-hqd6
64
vulnerability VCID-r3f7-9paf-83ht
65
vulnerability VCID-r6kn-b963-eqge
66
vulnerability VCID-r88h-mteg-yka9
67
vulnerability VCID-rdfn-52p2-afa7
68
vulnerability VCID-rscq-xx52-2ua8
69
vulnerability VCID-s3bw-w61k-eqhy
70
vulnerability VCID-s3ue-e5h8-f3dy
71
vulnerability VCID-s5cy-eva4-wbaf
72
vulnerability VCID-s6uu-335k-yfbc
73
vulnerability VCID-tmwc-f872-mufw
74
vulnerability VCID-ucg8-htfc-2bhn
75
vulnerability VCID-uptz-tj66-7yfk
76
vulnerability VCID-uvgt-7m5a-xkdc
77
vulnerability VCID-v4qm-48kk-pfaz
78
vulnerability VCID-v54t-5thx-1beu
79
vulnerability VCID-v6ha-ekxw-7bfr
80
vulnerability VCID-v7zm-cw8w-6yf8
81
vulnerability VCID-vb67-yux5-ayhf
82
vulnerability VCID-vda3-4fgr-gfbw
83
vulnerability VCID-vfp6-4h8n-bkax
84
vulnerability VCID-vs2j-b4qg-nbgu
85
vulnerability VCID-vtq4-fpr8-hudb
86
vulnerability VCID-w9ca-exua-g7ar
87
vulnerability VCID-wavt-rrws-3yhs
88
vulnerability VCID-wawr-t9dc-33fj
89
vulnerability VCID-x7rg-rsb5-pya7
90
vulnerability VCID-xmm4-zw49-3feh
91
vulnerability VCID-xnmk-jah2-ufce
92
vulnerability VCID-xy2y-yxfu-xfgm
93
vulnerability VCID-y2vh-7r7h-9ugu
94
vulnerability VCID-y8up-cqtu-jkdw
95
vulnerability VCID-yghg-775s-vber
96
vulnerability VCID-zjrq-np3y-hua5
97
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-9059
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55344
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-9059
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/0a0145c5e8041aadeff303a9f9984c86706b4e42
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/0a0145c5e8041aadeff303a9f9984c86706b4e42
4
reference_url https://github.com/moodle/moodle/commit/293e4bbcb71f0a801c2539ea051c58688314b23a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/293e4bbcb71f0a801c2539ea051c58688314b23a
5
reference_url https://github.com/moodle/moodle/commit/3c98b7a5ad1bb596a738e550fc3bf966d6415fe0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/3c98b7a5ad1bb596a738e550fc3bf966d6415fe0
6
reference_url https://github.com/moodle/moodle/commit/ac6e453d11024bf6ad99ada1bfc641c6b91ebed6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ac6e453d11024bf6ad99ada1bfc641c6b91ebed6
7
reference_url https://moodle.org/mod/forum/discuss.php?d=275146
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=275146
8
reference_url https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215
9
reference_url https://web.archive.org/web/20200229043651/http://www.securityfocus.com/bid/71133
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229043651/http://www.securityfocus.com/bid/71133
10
reference_url http://www.securitytracker.com/id/1031215
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1031215
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-9059
reference_id CVE-2014-9059
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-9059
12
reference_url https://github.com/advisories/GHSA-crcq-pw8h-9xwf
reference_id GHSA-crcq-pw8h-9xwf
reference_type
scores
url https://github.com/advisories/GHSA-crcq-pw8h-9xwf
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-uvgt-7m5a-xkdc