Vulnerability_id VCID-jn5c-h7cd-skfq
Summary
Inadequate XSS Prevention in CodeIgniter/Framework Security Library
The xss_clean() method in the Security Library of CodeIgniter/Framework, specifically in versions before 3.0.3, exhibited a vulnerability that allowed certain Cross-Site Scripting (XSS) vectors to bypass its intended protection mechanisms.

The xss_clean() method is designed to sanitize input data by removing potentially malicious content, thus preventing XSS attacks. However, in versions prior to 3.0.3, it was discovered that the method did not adequately mitigate specific XSS vectors, leaving a potential security gap.
Aliases
0
alias GHSA-q9j3-4ghj-6h57
Fixed_packages
0
url pkg:composer/codeigniter/framework@3.0.3
purl pkg:composer/codeigniter/framework@3.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hsz-vuhe-dbak
1
vulnerability VCID-2qzt-eskd-7qf4
2
vulnerability VCID-3mhu-ddhm-5ke7
3
vulnerability VCID-52pj-ryan-2yfj
4
vulnerability VCID-74bw-u8nc-3qbz
5
vulnerability VCID-7wzt-96yg-jfah
6
vulnerability VCID-9fmk-e4fz-2ybu
7
vulnerability VCID-a6px-3qen-euct
8
vulnerability VCID-e2md-avz8-bya9
9
vulnerability VCID-e4vu-fhp3-j3em
10
vulnerability VCID-ebrh-16ww-3bhd
11
vulnerability VCID-en5a-535z-ayca
12
vulnerability VCID-fpcv-9quu-8fe2
13
vulnerability VCID-gnfx-qs26-ukdx
14
vulnerability VCID-p756-2jkm-9fc5
15
vulnerability VCID-qdfk-n9gt-6yfp
16
vulnerability VCID-s6nh-cvkt-vygr
17
vulnerability VCID-s814-tdxe-1baf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter/framework@3.0.3
Affected_packages
0
url pkg:composer/codeigniter/framework@3.0rc
purl pkg:composer/codeigniter/framework@3.0rc
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kby-g5ka-cff3
1
vulnerability VCID-8wbz-we3g-x3ep
2
vulnerability VCID-9gnz-bcac-5ygs
3
vulnerability VCID-a6px-3qen-euct
4
vulnerability VCID-ebrh-16ww-3bhd
5
vulnerability VCID-fpcv-9quu-8fe2
6
vulnerability VCID-gubk-qp7e-h7f4
7
vulnerability VCID-jn5c-h7cd-skfq
8
vulnerability VCID-qdfk-n9gt-6yfp
9
vulnerability VCID-s6nh-cvkt-vygr
10
vulnerability VCID-s814-tdxe-1baf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter/framework@3.0rc
1
url pkg:composer/codeigniter/framework@3.0rc2
purl pkg:composer/codeigniter/framework@3.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kby-g5ka-cff3
1
vulnerability VCID-8wbz-we3g-x3ep
2
vulnerability VCID-9gnz-bcac-5ygs
3
vulnerability VCID-a6px-3qen-euct
4
vulnerability VCID-ebrh-16ww-3bhd
5
vulnerability VCID-fpcv-9quu-8fe2
6
vulnerability VCID-gubk-qp7e-h7f4
7
vulnerability VCID-jn5c-h7cd-skfq
8
vulnerability VCID-qdfk-n9gt-6yfp
9
vulnerability VCID-s6nh-cvkt-vygr
10
vulnerability VCID-s814-tdxe-1baf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter/framework@3.0rc2
2
url pkg:composer/codeigniter/framework@3.0rc3
purl pkg:composer/codeigniter/framework@3.0rc3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kby-g5ka-cff3
1
vulnerability VCID-8wbz-we3g-x3ep
2
vulnerability VCID-9gnz-bcac-5ygs
3
vulnerability VCID-a6px-3qen-euct
4
vulnerability VCID-ebrh-16ww-3bhd
5
vulnerability VCID-fpcv-9quu-8fe2
6
vulnerability VCID-gubk-qp7e-h7f4
7
vulnerability VCID-jn5c-h7cd-skfq
8
vulnerability VCID-qdfk-n9gt-6yfp
9
vulnerability VCID-s6nh-cvkt-vygr
10
vulnerability VCID-s814-tdxe-1baf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter/framework@3.0rc3
3
url pkg:composer/codeigniter/framework@3.0.0
purl pkg:composer/codeigniter/framework@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hsz-vuhe-dbak
1
vulnerability VCID-2qzt-eskd-7qf4
2
vulnerability VCID-3kby-g5ka-cff3
3
vulnerability VCID-3mhu-ddhm-5ke7
4
vulnerability VCID-52pj-ryan-2yfj
5
vulnerability VCID-74bw-u8nc-3qbz
6
vulnerability VCID-7wzt-96yg-jfah
7
vulnerability VCID-8wbz-we3g-x3ep
8
vulnerability VCID-9fmk-e4fz-2ybu
9
vulnerability VCID-a6px-3qen-euct
10
vulnerability VCID-e2md-avz8-bya9
11
vulnerability VCID-e4vu-fhp3-j3em
12
vulnerability VCID-ebrh-16ww-3bhd
13
vulnerability VCID-en5a-535z-ayca
14
vulnerability VCID-fpcv-9quu-8fe2
15
vulnerability VCID-gnfx-qs26-ukdx
16
vulnerability VCID-gubk-qp7e-h7f4
17
vulnerability VCID-jn5c-h7cd-skfq
18
vulnerability VCID-p756-2jkm-9fc5
19
vulnerability VCID-qdfk-n9gt-6yfp
20
vulnerability VCID-s6nh-cvkt-vygr
21
vulnerability VCID-s814-tdxe-1baf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter/framework@3.0.0
4
url pkg:composer/codeigniter/framework@3.0.1rc
purl pkg:composer/codeigniter/framework@3.0.1rc
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hsz-vuhe-dbak
1
vulnerability VCID-2qzt-eskd-7qf4
2
vulnerability VCID-3kby-g5ka-cff3
3
vulnerability VCID-3mhu-ddhm-5ke7
4
vulnerability VCID-52pj-ryan-2yfj
5
vulnerability VCID-74bw-u8nc-3qbz
6
vulnerability VCID-7wzt-96yg-jfah
7
vulnerability VCID-8wbz-we3g-x3ep
8
vulnerability VCID-9fmk-e4fz-2ybu
9
vulnerability VCID-a6px-3qen-euct
10
vulnerability VCID-e2md-avz8-bya9
11
vulnerability VCID-e4vu-fhp3-j3em
12
vulnerability VCID-ebrh-16ww-3bhd
13
vulnerability VCID-en5a-535z-ayca
14
vulnerability VCID-fpcv-9quu-8fe2
15
vulnerability VCID-gnfx-qs26-ukdx
16
vulnerability VCID-gubk-qp7e-h7f4
17
vulnerability VCID-jn5c-h7cd-skfq
18
vulnerability VCID-p756-2jkm-9fc5
19
vulnerability VCID-qdfk-n9gt-6yfp
20
vulnerability VCID-s6nh-cvkt-vygr
21
vulnerability VCID-s814-tdxe-1baf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter/framework@3.0.1rc
5
url pkg:composer/codeigniter/framework@3.0.1rc2
purl pkg:composer/codeigniter/framework@3.0.1rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hsz-vuhe-dbak
1
vulnerability VCID-2qzt-eskd-7qf4
2
vulnerability VCID-3mhu-ddhm-5ke7
3
vulnerability VCID-52pj-ryan-2yfj
4
vulnerability VCID-74bw-u8nc-3qbz
5
vulnerability VCID-7wzt-96yg-jfah
6
vulnerability VCID-8wbz-we3g-x3ep
7
vulnerability VCID-9fmk-e4fz-2ybu
8
vulnerability VCID-a6px-3qen-euct
9
vulnerability VCID-e2md-avz8-bya9
10
vulnerability VCID-e4vu-fhp3-j3em
11
vulnerability VCID-ebrh-16ww-3bhd
12
vulnerability VCID-en5a-535z-ayca
13
vulnerability VCID-fpcv-9quu-8fe2
14
vulnerability VCID-gnfx-qs26-ukdx
15
vulnerability VCID-gubk-qp7e-h7f4
16
vulnerability VCID-jn5c-h7cd-skfq
17
vulnerability VCID-p756-2jkm-9fc5
18
vulnerability VCID-qdfk-n9gt-6yfp
19
vulnerability VCID-s6nh-cvkt-vygr
20
vulnerability VCID-s814-tdxe-1baf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter/framework@3.0.1rc2
6
url pkg:composer/codeigniter/framework@3.0.1
purl pkg:composer/codeigniter/framework@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hsz-vuhe-dbak
1
vulnerability VCID-2qzt-eskd-7qf4
2
vulnerability VCID-3mhu-ddhm-5ke7
3
vulnerability VCID-52pj-ryan-2yfj
4
vulnerability VCID-74bw-u8nc-3qbz
5
vulnerability VCID-7wzt-96yg-jfah
6
vulnerability VCID-8wbz-we3g-x3ep
7
vulnerability VCID-9fmk-e4fz-2ybu
8
vulnerability VCID-a6px-3qen-euct
9
vulnerability VCID-e2md-avz8-bya9
10
vulnerability VCID-e4vu-fhp3-j3em
11
vulnerability VCID-ebrh-16ww-3bhd
12
vulnerability VCID-en5a-535z-ayca
13
vulnerability VCID-fpcv-9quu-8fe2
14
vulnerability VCID-gnfx-qs26-ukdx
15
vulnerability VCID-gubk-qp7e-h7f4
16
vulnerability VCID-jn5c-h7cd-skfq
17
vulnerability VCID-p756-2jkm-9fc5
18
vulnerability VCID-qdfk-n9gt-6yfp
19
vulnerability VCID-s6nh-cvkt-vygr
20
vulnerability VCID-s814-tdxe-1baf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter/framework@3.0.1
7
url pkg:composer/codeigniter/framework@3.0.2
purl pkg:composer/codeigniter/framework@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hsz-vuhe-dbak
1
vulnerability VCID-2qzt-eskd-7qf4
2
vulnerability VCID-3mhu-ddhm-5ke7
3
vulnerability VCID-52pj-ryan-2yfj
4
vulnerability VCID-74bw-u8nc-3qbz
5
vulnerability VCID-7wzt-96yg-jfah
6
vulnerability VCID-8wbz-we3g-x3ep
7
vulnerability VCID-9fmk-e4fz-2ybu
8
vulnerability VCID-a6px-3qen-euct
9
vulnerability VCID-e2md-avz8-bya9
10
vulnerability VCID-e4vu-fhp3-j3em
11
vulnerability VCID-ebrh-16ww-3bhd
12
vulnerability VCID-en5a-535z-ayca
13
vulnerability VCID-fpcv-9quu-8fe2
14
vulnerability VCID-gnfx-qs26-ukdx
15
vulnerability VCID-gubk-qp7e-h7f4
16
vulnerability VCID-jn5c-h7cd-skfq
17
vulnerability VCID-p756-2jkm-9fc5
18
vulnerability VCID-qdfk-n9gt-6yfp
19
vulnerability VCID-s6nh-cvkt-vygr
20
vulnerability VCID-s814-tdxe-1baf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter/framework@3.0.2
References
0
reference_url https://github.com/bcit-ci/CodeIgniter
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcit-ci/CodeIgniter
1
reference_url https://github.com/bcit-ci/CodeIgniter/commit/71b1b3f5b2dcc0f4b652e9494e9853b82541ac8c
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcit-ci/CodeIgniter/commit/71b1b3f5b2dcc0f4b652e9494e9853b82541ac8c
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter/framework/2015-10-31-1.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter/framework/2015-10-31-1.yaml
3
reference_url https://www.codeigniter.com/user_guide/changelog.html#version-3-0-3
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.codeigniter.com/user_guide/changelog.html#version-3-0-3
4
reference_url https://github.com/advisories/GHSA-q9j3-4ghj-6h57
reference_id GHSA-q9j3-4ghj-6h57
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q9j3-4ghj-6h57
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jn5c-h7cd-skfq