Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/qcubed/qcubed@3.0.8
Typecomposer
Namespaceqcubed
Nameqcubed
Version3.0.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-3cwv-cp8w-gycx
vulnerability_id VCID-3cwv-cp8w-gycx
summary 
Cross-site Scripting
A reflected cross-site scripting (XSS) vulnerability in qcubed's `profile.php` via the `stQuery-parameter` allows unauthenticated attackers to steal sessions of authenticated users.
references
0
reference_url http://qcubed.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://qcubed.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24912
reference_id
reference_type
scores
0
value 0.54673
scoring_system epss
scoring_elements 0.98079
published_at 2026-06-09T12:55:00Z
1
value 0.54673
scoring_system epss
scoring_elements 0.9808
published_at 2026-06-07T12:55:00Z
2
value 0.60874
scoring_system epss
scoring_elements 0.9833
published_at 2026-06-06T12:55:00Z
3
value 0.60874
scoring_system epss
scoring_elements 0.98329
published_at 2026-06-05T12:55:00Z
4
value 0.60874
scoring_system epss
scoring_elements 0.98326
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24912
2
reference_url http://seclists.org/fulldisclosure/2021/Mar/30
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Mar/30
3
reference_url https://github.com/qcubed/qcubed
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/qcubed/qcubed
4
reference_url https://github.com/qcubed/qcubed/pull/1320/files
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/qcubed/qcubed/pull/1320/files
5
reference_url https://tech.feedyourhead.at/content/QCubed-Cross-Site-Scripting-CVE-2020-24912
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tech.feedyourhead.at/content/QCubed-Cross-Site-Scripting-CVE-2020-24912
6
reference_url https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24912
reference_id CVE-2020-24912
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-24912
8
reference_url https://github.com/advisories/GHSA-xj4v-gp4q-h6qq
reference_id GHSA-xj4v-gp4q-h6qq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xj4v-gp4q-h6qq
fixed_packages
0
url pkg:composer/qcubed/qcubed@3.2.0
purl pkg:composer/qcubed/qcubed@3.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/qcubed/qcubed@3.2.0
aliases CVE-2020-24912, GHSA-xj4v-gp4q-h6qq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3cwv-cp8w-gycx
1
url VCID-dbfe-3z2a-qkcp
vulnerability_id VCID-dbfe-3z2a-qkcp
summary 
SQL Injection
A SQL injection vulnerability exists in qcubed `profile.php` via the `strQuery` parameter. This allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
references
0
reference_url http://qcubed.com
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://qcubed.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24913
reference_id
reference_type
scores
0
value 0.43055
scoring_system epss
scoring_elements 0.97571
published_at 2026-06-09T12:55:00Z
1
value 0.43055
scoring_system epss
scoring_elements 0.97563
published_at 2026-06-04T12:55:00Z
2
value 0.43055
scoring_system epss
scoring_elements 0.97567
published_at 2026-06-05T12:55:00Z
3
value 0.43055
scoring_system epss
scoring_elements 0.97569
published_at 2026-06-06T12:55:00Z
4
value 0.43055
scoring_system epss
scoring_elements 0.97568
published_at 2026-06-07T12:55:00Z
5
value 0.43055
scoring_system epss
scoring_elements 0.9757
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24913
2
reference_url http://seclists.org/fulldisclosure/2021/Mar/29
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Mar/29
3
reference_url http://seclists.org/fulldisclosure/2021/Mar/30
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Mar/30
4
reference_url https://github.com/qcubed/qcubed
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/qcubed/qcubed
5
reference_url https://github.com/qcubed/qcubed/pull/1320/files
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/qcubed/qcubed/pull/1320/files
6
reference_url https://tech.feedyourhead.at/content/QCubed-SQL-Injection-CVE-2020-24913
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://tech.feedyourhead.at/content/QCubed-SQL-Injection-CVE-2020-24913
7
reference_url https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-02
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-02
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24913
reference_id CVE-2020-24913
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-24913
9
reference_url https://github.com/advisories/GHSA-8fj6-pc5r-347q
reference_id GHSA-8fj6-pc5r-347q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8fj6-pc5r-347q
fixed_packages
0
url pkg:composer/qcubed/qcubed@3.2.0
purl pkg:composer/qcubed/qcubed@3.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/qcubed/qcubed@3.2.0
aliases CVE-2020-24913, GHSA-8fj6-pc5r-347q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dbfe-3z2a-qkcp
2
url VCID-zfb8-4657-vuc4
vulnerability_id VCID-zfb8-4657-vuc4
summary 
Improperly Controlled Modification of Dynamically-Determined Object Attributes
A PHP object injection bug in `profile.php` in qcubed deserializes the untrusted data of the POST-variable `strProfileData` and allows an unauthenticated attacker to execute code via a crafted POST request.
references
0
reference_url http://qcubed.com
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://qcubed.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24914
reference_id
reference_type
scores
0
value 0.37721
scoring_system epss
scoring_elements 0.97285
published_at 2026-06-04T12:55:00Z
1
value 0.37721
scoring_system epss
scoring_elements 0.97291
published_at 2026-06-06T12:55:00Z
2
value 0.37721
scoring_system epss
scoring_elements 0.97293
published_at 2026-06-08T12:55:00Z
3
value 0.37721
scoring_system epss
scoring_elements 0.9729
published_at 2026-06-05T12:55:00Z
4
value 0.37721
scoring_system epss
scoring_elements 0.97294
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24914
2
reference_url http://seclists.org/fulldisclosure/2021/Mar/28
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Mar/28
3
reference_url https://github.com/qcubed/qcubed
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/qcubed/qcubed
4
reference_url https://github.com/qcubed/qcubed/pull/1320/files
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/qcubed/qcubed/pull/1320/files
5
reference_url https://tech.feedyourhead.at/content/QCubed-PHP-Object-Injection-CVE-2020-24914
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://tech.feedyourhead.at/content/QCubed-PHP-Object-Injection-CVE-2020-24914
6
reference_url https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-01
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-01
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24914
reference_id CVE-2020-24914
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-24914
8
reference_url https://github.com/advisories/GHSA-7w3c-jgh7-cwjw
reference_id GHSA-7w3c-jgh7-cwjw
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7w3c-jgh7-cwjw
fixed_packages
0
url pkg:composer/qcubed/qcubed@3.2.0
purl pkg:composer/qcubed/qcubed@3.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/qcubed/qcubed@3.2.0
aliases CVE-2020-24914, GHSA-7w3c-jgh7-cwjw
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zfb8-4657-vuc4
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/qcubed/qcubed@3.0.8