Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-w65h-8a9d-ckgj
Summary
TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors
It has been discovered that link tags generated by typolink functionality in the website's frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability.

A second and separate vulnerability in the filelist module of the backend user interface has been referenced with this advisory as well. Error messages being shown after using a malicious name for renaming a file are not properly encoded, thus vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability.
Aliases
0
alias GHSA-wp8j-c736-c5r3
Fixed_packages
0
url pkg:composer/typo3/cms@6.2.14
purl pkg:composer/typo3/cms@6.2.14
is_vulnerable true
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.14
1
url pkg:composer/typo3/cms@7.3.1
purl pkg:composer/typo3/cms@7.3.1
is_vulnerable true
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1
Affected_packages
0
url pkg:composer/typo3/cms@6.2.0
purl pkg:composer/typo3/cms@6.2.0
is_vulnerable true
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.0
1
url pkg:composer/typo3/cms@7.0.0
purl pkg:composer/typo3/cms@7.0.0
is_vulnerable true
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.0
References
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8
3
reference_url https://github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-004
5
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004
6
reference_url https://github.com/advisories/GHSA-wp8j-c736-c5r3
reference_id GHSA-wp8j-c736-c5r3
reference_type
scores
url https://github.com/advisories/GHSA-wp8j-c736-c5r3
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w65h-8a9d-ckgj