Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-jarn-rtuz-wucq
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.
Aliases
0
alias CVE-2023-35131
1
alias GHSA-fwfj-8p36-rc64
Fixed_packages
0
url pkg:composer/moodle/moodle@3.11.15
purl pkg:composer/moodle/moodle@3.11.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.15
1
url pkg:composer/moodle/moodle@4.0.9
purl pkg:composer/moodle/moodle@4.0.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.9
2
url pkg:composer/moodle/moodle@4.1.4
purl pkg:composer/moodle/moodle@4.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.4
3
url pkg:composer/moodle/moodle@4.2.1
purl pkg:composer/moodle/moodle@4.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.1
Affected_packages
0
url pkg:composer/moodle/moodle@3.11.0
purl pkg:composer/moodle/moodle@3.11.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.0
1
url pkg:composer/moodle/moodle@4.0.0
purl pkg:composer/moodle/moodle@4.0.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0
2
url pkg:composer/moodle/moodle@4.1.0
purl pkg:composer/moodle/moodle@4.1.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.0
3
url pkg:composer/moodle/moodle@4.2.0
purl pkg:composer/moodle/moodle@4.2.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76683
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76683
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2214369
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2214369
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
9
reference_url https://moodle.org/mod/forum/discuss.php?d=447829
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=447829
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-35131
reference_id CVE-2023-35131
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-35131
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jarn-rtuz-wucq