Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-m6hv-1sz4-mfff
Summary
Duplicate Advisory: Cross Site Scripting in eZ Platform Ibexa Kernel
In file upload, it is possible by certain means to upload files such as .html and .js. These may contain XSS exploits, which will run when victims access links to them.
Patches
Aliases
0
alias GHSA-c737-jhwr-fqxj
Fixed_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.2.5%2B1
purl pkg:composer/ezsystems/ezplatform-kernel@1.2.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.2.5%252B1
1
url pkg:composer/ezsystems/ezplatform-kernel@1.3.1%2B1
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.1%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.1%252B1
2
url pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B2
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8%252B2
3
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15%252B2
Affected_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.2.0
purl pkg:composer/ezsystems/ezplatform-kernel@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m6hv-1sz4-mfff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.2.0
1
url pkg:composer/ezsystems/ezplatform-kernel@1.3.0
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7fty-j3wj-aqf4
1
vulnerability VCID-98jr-a3av-8faw
2
vulnerability VCID-fjc8-x5ct-2uf3
3
vulnerability VCID-jz3f-vywm-v7a7
4
vulnerability VCID-m6hv-1sz4-mfff
5
vulnerability VCID-puj3-khrf-hfa6
6
vulnerability VCID-veax-u5rr-4kbv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.0
2
url pkg:composer/ezsystems/ezpublish-kernel@6.13.0
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m6hv-1sz4-mfff
1
vulnerability VCID-vpbp-kn99-hygk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.0
3
url pkg:composer/ezsystems/ezpublish-kernel@7.5.0
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1eex-e332-37e8
1
vulnerability VCID-86hr-ej2a-ubbw
2
vulnerability VCID-jz3f-vywm-v7a7
3
vulnerability VCID-m6hv-1sz4-mfff
4
vulnerability VCID-q58t-76x6-mqgp
5
vulnerability VCID-tw5w-dvc4-gfh4
6
vulnerability VCID-ueng-9gm9-4qb2
7
vulnerability VCID-veax-u5rr-4kbv
8
vulnerability VCID-vpbp-kn99-hygk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.0
References
0
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
url https://github.com/ezsystems/ezpublish-kernel
1
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b
reference_id
reference_type
scores
url https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
reference_id CVE-2021-46875
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
3
reference_url https://github.com/advisories/GHSA-c737-jhwr-fqxj
reference_id GHSA-c737-jhwr-fqxj
reference_type
scores
url https://github.com/advisories/GHSA-c737-jhwr-fqxj
4
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
reference_id GHSA-mrvj-7q4f-5p42
reference_type
scores
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6hv-1sz4-mfff