Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-9ugf-duna-xfgy
Summary
Silverstripe XSS in CMS Edit Page
Due to a lack of parameter sanitisation, a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page.

An attacker could create a URL and share it with a site administrator to perform an attack.
Aliases
0
alias GHSA-m8v7-x398-pxrf
Fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
1
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
2
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-f4hv-79km-3ygt
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-xg74-3h1h-kqaf
23
vulnerability VCID-y8et-m846-2fc6
24
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
Affected_packages
0
url pkg:composer/silverstripe/framework@3.1.18
purl pkg:composer/silverstripe/framework@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-9ugf-duna-xfgy
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-evh4-xq48-4fa6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-excr-b2pz-jydm
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-hnme-cqff-c7dp
19
vulnerability VCID-m5rs-qptc-vued
20
vulnerability VCID-mkex-ht2r-cucz
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-q939-fszs-wfdp
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-r1eg-dwej-5kau
25
vulnerability VCID-t81f-5b8z-hyht
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-v9ch-up34-nuab
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.18
1
url pkg:composer/silverstripe/framework@3.2.3
purl pkg:composer/silverstripe/framework@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-9ugf-duna-xfgy
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-evh4-xq48-4fa6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-excr-b2pz-jydm
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-hnme-cqff-c7dp
19
vulnerability VCID-m5rs-qptc-vued
20
vulnerability VCID-mkex-ht2r-cucz
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-q939-fszs-wfdp
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-r1eg-dwej-5kau
25
vulnerability VCID-t81f-5b8z-hyht
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-v9ch-up34-nuab
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.3
2
url pkg:composer/silverstripe/framework@3.3.1
purl pkg:composer/silverstripe/framework@3.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9ugf-duna-xfgy
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-excr-b2pz-jydm
17
vulnerability VCID-ggbg-8mtc-hudc
18
vulnerability VCID-gkkp-9fm7-jfaz
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-m5rs-qptc-vued
21
vulnerability VCID-mkex-ht2r-cucz
22
vulnerability VCID-nute-ndg2-z7ev
23
vulnerability VCID-q939-fszs-wfdp
24
vulnerability VCID-qdwg-f2bx-1bay
25
vulnerability VCID-r1eg-dwej-5kau
26
vulnerability VCID-t81f-5b8z-hyht
27
vulnerability VCID-umhc-fdfh-1fdx
28
vulnerability VCID-v9ch-up34-nuab
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.1
References
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-004-1.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-004-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770
3
reference_url https://github.com/silverstripe/silverstripe-framework/commits/3.3.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commits/3.3.2
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-004
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2016-004
5
reference_url https://github.com/advisories/GHSA-m8v7-x398-pxrf
reference_id GHSA-m8v7-x398-pxrf
reference_type
scores
url https://github.com/advisories/GHSA-m8v7-x398-pxrf
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ugf-duna-xfgy