Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-y94t-fwsg-sfey

Summary

Apache MyFaces Cross-site Scripting vulnerability
Apache MyFaces 1.1.7 and 1.2.8 (All previous versions are likely vulnerable), as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

Aliases

alias	CVE-2010-2086

alias	GHSA-92cv-wv2c-8899

Fixed_packages

Affected_packages

url pkg:maven/org.apache.myfaces.core/myfaces-core-module@1.1.7

purl pkg:maven/org.apache.myfaces.core/myfaces-core-module@1.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.myfaces.core/myfaces-core-module@1.1.7

url pkg:maven/org.apache.myfaces.core/myfaces-core-module@1.2.0

purl pkg:maven/org.apache.myfaces.core/myfaces-core-module@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.myfaces.core/myfaces-core-module@1.2.0

url pkg:maven/org.apache.myfaces.core/myfaces-core-module@1.2.8

purl pkg:maven/org.apache.myfaces.core/myfaces-core-module@1.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.myfaces.core/myfaces-core-module@1.2.8

url pkg:rpm/redhat/glassfish-jsf@1.2_13-2.ep5?arch=el4

purl pkg:rpm/redhat/glassfish-jsf@1.2_13-2.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/glassfish-jsf@1.2_13-2.ep5%3Farch=el4

url pkg:rpm/redhat/glassfish-jsf@1.2_13-3.ep5?arch=el5

purl pkg:rpm/redhat/glassfish-jsf@1.2_13-3.ep5?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/glassfish-jsf@1.2_13-3.ep5%3Farch=el5

url pkg:rpm/redhat/httpd@2.2.14-1.2.1.ep5?arch=el5

purl pkg:rpm/redhat/httpd@2.2.14-1.2.1.ep5?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd@2.2.14-1.2.1.ep5%3Farch=el5

url pkg:rpm/redhat/httpd22@2.2.14-4.ep5?arch=el4

purl pkg:rpm/redhat/httpd22@2.2.14-4.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd22@2.2.14-4.ep5%3Farch=el4

url pkg:rpm/redhat/jakarta-commons-chain@1.2-2.1.ep5?arch=el4

purl pkg:rpm/redhat/jakarta-commons-chain@1.2-2.1.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jakarta-commons-chain@1.2-2.1.ep5%3Farch=el4

url pkg:rpm/redhat/jakarta-commons-chain@1.2-2.1.1.ep5?arch=el5

purl pkg:rpm/redhat/jakarta-commons-chain@1.2-2.1.1.ep5?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jakarta-commons-chain@1.2-2.1.1.ep5%3Farch=el5

url pkg:rpm/redhat/jakarta-commons-digester@1.8.1-7.ep5?arch=el4

purl pkg:rpm/redhat/jakarta-commons-digester@1.8.1-7.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jakarta-commons-digester@1.8.1-7.ep5%3Farch=el4

url pkg:rpm/redhat/jakarta-commons-io@1.4-1.ep5?arch=el4

purl pkg:rpm/redhat/jakarta-commons-io@1.4-1.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jakarta-commons-io@1.4-1.ep5%3Farch=el4

url pkg:rpm/redhat/jakarta-commons-io@1.4-1.1.ep5?arch=el5

purl pkg:rpm/redhat/jakarta-commons-io@1.4-1.1.ep5?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jakarta-commons-io@1.4-1.1.ep5%3Farch=el5

url pkg:rpm/redhat/jakarta-commons-modeler@2.0-3.3.ep5?arch=el4

purl pkg:rpm/redhat/jakarta-commons-modeler@2.0-3.3.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jakarta-commons-modeler@2.0-3.3.ep5%3Farch=el4

url pkg:rpm/redhat/jakarta-commons-validator@1.3.1-7.4.ep5?arch=el4

purl pkg:rpm/redhat/jakarta-commons-validator@1.3.1-7.4.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jakarta-commons-validator@1.3.1-7.4.ep5%3Farch=el4

url pkg:rpm/redhat/jakarta-oro@2.0.8-3jpp.ep1.3.ep5?arch=el4

purl pkg:rpm/redhat/jakarta-oro@2.0.8-3jpp.ep1.3.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jakarta-oro@2.0.8-3jpp.ep1.3.ep5%3Farch=el4

url pkg:rpm/redhat/jakarta-oro@2.0.8-3.1.ep5?arch=el5

purl pkg:rpm/redhat/jakarta-oro@2.0.8-3.1.ep5?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jakarta-oro@2.0.8-3.1.ep5%3Farch=el5

url pkg:rpm/redhat/jboss-javaee@5.0.1-2.3.ep5?arch=el4

purl pkg:rpm/redhat/jboss-javaee@5.0.1-2.3.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jboss-javaee@5.0.1-2.3.ep5%3Farch=el4

url pkg:rpm/redhat/mod_jk@1.2.28-4.ep5?arch=el4

purl pkg:rpm/redhat/mod_jk@1.2.28-4.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mod_jk@1.2.28-4.ep5%3Farch=el4

url pkg:rpm/redhat/mod_jk@1.2.28-4.1.ep5?arch=el5

purl pkg:rpm/redhat/mod_jk@1.2.28-4.1.ep5?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mod_jk@1.2.28-4.1.ep5%3Farch=el5

url pkg:rpm/redhat/struts12@1.2.9-2.ep5?arch=el4

purl pkg:rpm/redhat/struts12@1.2.9-2.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/struts12@1.2.9-2.ep5%3Farch=el4

url pkg:rpm/redhat/struts12@1.2.9-2.ep5?arch=el5

purl pkg:rpm/redhat/struts12@1.2.9-2.ep5?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/struts12@1.2.9-2.ep5%3Farch=el5

url pkg:rpm/redhat/tomcat5@5.5.28-7.ep5?arch=el4

purl pkg:rpm/redhat/tomcat5@5.5.28-7.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat5@5.5.28-7.ep5%3Farch=el4

url pkg:rpm/redhat/tomcat5@5.5.28-7.1.ep5?arch=el5

purl pkg:rpm/redhat/tomcat5@5.5.28-7.1.ep5?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat5@5.5.28-7.1.ep5%3Farch=el5

url pkg:rpm/redhat/tomcat6@6.0.24-2.ep5?arch=el4

purl pkg:rpm/redhat/tomcat6@6.0.24-2.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat6@6.0.24-2.ep5%3Farch=el4

url pkg:rpm/redhat/tomcat6@6.0.24-2.1.ep5?arch=el5

purl pkg:rpm/redhat/tomcat6@6.0.24-2.1.ep5?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat6@6.0.24-2.1.ep5%3Farch=el5

url pkg:rpm/redhat/tomcat-native@1.1.19-2.0.ep5?arch=el4

purl pkg:rpm/redhat/tomcat-native@1.1.19-2.0.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat-native@1.1.19-2.0.ep5%3Farch=el4

url pkg:rpm/redhat/tomcat-native@1.1.19-2.0.1.ep5?arch=el5

purl pkg:rpm/redhat/tomcat-native@1.1.19-2.0.1.ep5?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat-native@1.1.19-2.0.1.ep5%3Farch=el5

url pkg:rpm/redhat/xerces-j2@2.9.1-2.2_patch_01.ep5?arch=el4

purl pkg:rpm/redhat/xerces-j2@2.9.1-2.2_patch_01.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xerces-j2@2.9.1-2.2_patch_01.ep5%3Farch=el4

url pkg:rpm/redhat/xml-commons-resolver12@1:1.2-1.1.ep5?arch=el4

purl pkg:rpm/redhat/xml-commons-resolver12@1:1.2-1.1.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-y94t-fwsg-sfey

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xml-commons-resolver12@1:1.2-1.1.ep5%3Farch=el4

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2086.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2086.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-2086

reference_id

reference_type

scores

value	0.02948
scoring_system	epss
scoring_elements	0.86478
published_at	2026-04-18T12:55:00Z

value	0.02948
scoring_system	epss
scoring_elements	0.8644
published_at	2026-04-08T12:55:00Z

value	0.02948
scoring_system	epss
scoring_elements	0.8645
published_at	2026-04-09T12:55:00Z

value	0.02948
scoring_system	epss
scoring_elements	0.86465
published_at	2026-04-11T12:55:00Z

value	0.02948
scoring_system	epss
scoring_elements	0.86464
published_at	2026-04-12T12:55:00Z

value	0.02948
scoring_system	epss
scoring_elements	0.86458
published_at	2026-04-13T12:55:00Z

value	0.02948
scoring_system	epss
scoring_elements	0.86473
published_at	2026-04-16T12:55:00Z

value	0.02948
scoring_system	epss
scoring_elements	0.86392
published_at	2026-04-01T12:55:00Z

value	0.02948
scoring_system	epss
scoring_elements	0.86403
published_at	2026-04-02T12:55:00Z

value	0.02948
scoring_system	epss
scoring_elements	0.86421
published_at	2026-04-04T12:55:00Z

value	0.02948
scoring_system	epss
scoring_elements	0.86422
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-2086

reference_url

https://github.com/apache/myfaces

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/myfaces

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-2086

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2010-2086

reference_url

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt

reference_url

http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=598164
reference_id	598164
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=598164

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.1.7:::::::*
reference_id	cpe:2.3:a:apache:myfaces:1.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.2.8:::::::*
reference_id	cpe:2.3:a:apache:myfaces:1.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.2.8:::::::*

reference_url

https://github.com/advisories/GHSA-92cv-wv2c-8899

reference_id

GHSA-92cv-wv2c-8899

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-92cv-wv2c-8899

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y94t-fwsg-sfey

Vulnerability Instance