Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/43514?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43514?format=api", "vulnerability_id": "VCID-5ru2-1n1f-afa4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.", "aliases": [ { "alias": "CVE-2013-7341" }, { "alias": "GHSA-j6c3-3c4w-qv8p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62043?format=api", "purl": "pkg:composer/moodle/moodle@2.4.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qpu2-8paz-7ydv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/62044?format=api", "purl": "pkg:composer/moodle/moodle@2.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qpu2-8paz-7ydv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62045?format=api", "purl": "pkg:composer/moodle/moodle@2.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qpu2-8paz-7ydv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/52313?format=api", "purl": "pkg:composer/typo3/cms@6.2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/62760?format=api", "purl": "pkg:composer/typo3/cms@7.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62041?format=api", "purl": "pkg:composer/moodle/moodle@2.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ehh-qz6c-ykhp" }, { "vulnerability": "VCID-1whm-dsv7-t7gm" }, { "vulnerability": "VCID-4v57-bu85-syhr" }, { "vulnerability": "VCID-4xqt-yugc-qufr" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6v43-drd7-ufd7" }, { "vulnerability": "VCID-7g7m-bu5q-gbcx" }, { "vulnerability": "VCID-88pw-zwqn-cqfd" }, { "vulnerability": "VCID-cvqm-kjhx-q7ej" }, { "vulnerability": "VCID-czph-uxwr-5uge" }, { "vulnerability": "VCID-ea5s-xphb-6ub7" }, { "vulnerability": "VCID-gdz8-d8j3-nqdh" }, { "vulnerability": "VCID-h8xn-n98n-qqdv" }, { "vulnerability": "VCID-j3t3-svwb-p7bn" }, { "vulnerability": "VCID-q3wv-9hj6-vbgt" }, { "vulnerability": "VCID-qpu2-8paz-7ydv" }, { "vulnerability": "VCID-qxyw-7hnt-hqd6" }, { "vulnerability": "VCID-r88h-mteg-yka9" }, { "vulnerability": "VCID-rdfn-52p2-afa7" }, { "vulnerability": "VCID-s5cy-eva4-wbaf" }, { "vulnerability": "VCID-ucg8-htfc-2bhn" }, { "vulnerability": "VCID-vrfy-36yc-muhr" }, { "vulnerability": "VCID-vs2j-b4qg-nbgu" }, { "vulnerability": "VCID-vwyj-z4gf-8fg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/62042?format=api", "purl": "pkg:composer/moodle/moodle@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ehh-qz6c-ykhp" }, { "vulnerability": "VCID-1rar-m2g3-27ag" }, { "vulnerability": "VCID-1whm-dsv7-t7gm" }, { "vulnerability": "VCID-29yj-e9bd-queq" }, { "vulnerability": "VCID-3xwm-hqap-8bct" }, { "vulnerability": "VCID-4v57-bu85-syhr" }, { "vulnerability": "VCID-4xqt-yugc-qufr" }, { "vulnerability": "VCID-5c29-qn3p-3yde" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6v43-drd7-ufd7" }, { "vulnerability": "VCID-7g7m-bu5q-gbcx" }, { "vulnerability": "VCID-7x8g-tdd5-kqbs" }, { "vulnerability": "VCID-88pw-zwqn-cqfd" }, { "vulnerability": "VCID-8q4n-d565-kfbn" }, { "vulnerability": "VCID-bfmx-cwap-8yhp" }, { "vulnerability": "VCID-cvqm-kjhx-q7ej" }, { "vulnerability": "VCID-czph-uxwr-5uge" }, { "vulnerability": "VCID-ea5s-xphb-6ub7" }, { "vulnerability": "VCID-fs9k-21es-rygd" }, { "vulnerability": "VCID-fumj-9pun-zfc5" }, { "vulnerability": "VCID-gdz8-d8j3-nqdh" }, { "vulnerability": "VCID-h8xn-n98n-qqdv" }, { "vulnerability": "VCID-hbky-xx53-vkct" }, { "vulnerability": "VCID-hck4-emsr-q7dc" }, { "vulnerability": "VCID-j3t3-svwb-p7bn" }, { "vulnerability": "VCID-krn6-pwk5-ake2" }, { "vulnerability": "VCID-kzwd-2e6n-fkbm" }, { "vulnerability": "VCID-q3wv-9hj6-vbgt" }, { "vulnerability": "VCID-qpu2-8paz-7ydv" }, { "vulnerability": "VCID-qxyw-7hnt-hqd6" }, { "vulnerability": "VCID-r88h-mteg-yka9" }, { "vulnerability": "VCID-rdfn-52p2-afa7" }, { "vulnerability": "VCID-s5cy-eva4-wbaf" }, { "vulnerability": "VCID-ucg8-htfc-2bhn" }, { "vulnerability": "VCID-uptz-tj66-7yfk" }, { "vulnerability": "VCID-uvgt-7m5a-xkdc" }, { "vulnerability": "VCID-v4qm-48kk-pfaz" }, { "vulnerability": "VCID-v7zm-cw8w-6yf8" }, { "vulnerability": "VCID-vda3-4fgr-gfbw" }, { "vulnerability": "VCID-vrfy-36yc-muhr" }, { "vulnerability": "VCID-vs2j-b4qg-nbgu" }, { "vulnerability": "VCID-vwyj-z4gf-8fg5" }, { "vulnerability": "VCID-xnmk-jah2-ufce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/51877?format=api", "purl": "pkg:composer/typo3/cms@6.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-3ump-aca5-g7b6" }, { "vulnerability": "VCID-4fse-74hb-x3c9" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-88un-etsg-2qas" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-a1kt-str6-rqec" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgn1-hswd-ekdf" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rm7r-1pqj-3fbs" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-yphc-ujay-7fcs" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zpxz-291y-x3c7" }, { "vulnerability": "VCID-zqe5-53je-mfaw" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/52097?format=api", "purl": "pkg:composer/typo3/cms@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-28fn-ncj5-2ufk" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-3ugj-6m1e-e3hr" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-66kh-c1dm-8fbf" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-953t-q1cr-zyd6" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-abjx-8v46-d7d8" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dsqm-9q3e-dudw" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fdnw-2tz5-4fdr" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-gpv4-4tpd-tbaa" }, { "vulnerability": "VCID-hp99-ncuh-6ugv" }, { "vulnerability": "VCID-hyx9-8ae6-sba8" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-jq5y-7h9g-mufa" }, { "vulnerability": "VCID-jwb1-3sbg-kfa5" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-njsj-bwjq-fyap" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-p576-w7dd-p3h7" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qcnh-z4zh-myaw" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-teby-zvvw-zkhv" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-xvyu-2hb8-8ufh" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-yz6t-ge1y-qfgr" }, { "vulnerability": "VCID-zru2-9g25-77dc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.0" } ], "references": [ { "reference_url": "http://flash.flowplayer.org/documentation/version-history.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://flash.flowplayer.org/documentation/version-history.html" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/03/17/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2014/03/17/1" }, { "reference_url": "https://github.com/flowplayer/flash/issues/121", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/flowplayer/flash/issues/121" }, { "reference_url": "https://github.com/moodle/moodle/commit/98d135fea3006334093efa822205d4b2c3fd8ff9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/98d135fea3006334093efa822205d4b2c3fd8ff9" }, { "reference_url": "https://github.com/moodle/moodle/commit/9f2967e301d123d11625f3b6948e1ee538086791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/9f2967e301d123d11625f3b6948e1ee538086791" }, { "reference_url": "https://github.com/moodle/moodle/commit/c3cd5e1db9de4f1a634492d99990534e30518066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c3cd5e1db9de4f1a634492d99990534e30518066" }, { "reference_url": "https://github.com/moodle/moodle/commit/d65634044ebaa738f55bdec521beb42844d6916a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d65634044ebaa738f55bdec521beb42844d6916a" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=256420", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=256420" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2015-007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2015-007" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7341", "reference_id": "CVE-2013-7341", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7341" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-7341.yaml", "reference_id": "CVE-2013-7341.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-7341.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-j6c3-3c4w-qv8p", "reference_id": "GHSA-j6c3-3c4w-qv8p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j6c3-3c4w-qv8p" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ru2-1n1f-afa4" }