Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/292378?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/292378?format=api", "purl": "pkg:composer/qcubed/qcubed@3.0.8", "type": "composer", "namespace": "qcubed", "name": "qcubed", "version": "3.0.8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54134?format=api", "vulnerability_id": "VCID-3cwv-cp8w-gycx", "summary": "Cross-site Scripting\nA reflected cross-site scripting (XSS) vulnerability in qcubed's `profile.php` via the `strQuery` parameter allows unauthenticated attackers to steal sessions of authenticated users.", "references": [ { "reference_url": "http://qcubed.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://qcubed.com" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24912", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.54673", "scoring_system": "epss", "scoring_elements": "0.98079", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.54673", "scoring_system": "epss", "scoring_elements": "0.9808", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.60874", "scoring_system": "epss", "scoring_elements": "0.9833", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.60874", "scoring_system": "epss", "scoring_elements": "0.98329", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.60874", "scoring_system": "epss", "scoring_elements": "0.98326", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24912" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Mar/30", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2021/Mar/30" }, { "reference_url": "https://github.com/qcubed/qcubed", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/qcubed/qcubed" }, { "reference_url": "https://github.com/qcubed/qcubed/pull/1320/files", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/qcubed/qcubed/pull/1320/files" }, { "reference_url": "https://tech.feedyourhead.at/content/QCubed-Cross-Site-Scripting-CVE-2020-24912", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tech.feedyourhead.at/content/QCubed-Cross-Site-Scripting-CVE-2020-24912" }, { "reference_url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-24912", "reference_id": "CVE-2020-24912", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24912" }, { "reference_url": "https://github.com/advisories/GHSA-xj4v-gp4q-h6qq", "reference_id": "GHSA-xj4v-gp4q-h6qq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xj4v-gp4q-h6qq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150086?format=api", "purl": "pkg:composer/qcubed/qcubed@3.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/qcubed/qcubed@3.2.0" } ], "aliases": [ "CVE-2020-24912", "GHSA-xj4v-gp4q-h6qq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3cwv-cp8w-gycx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54133?format=api", "vulnerability_id": "VCID-dbfe-3z2a-qkcp", "summary": "SQL Injection\nA SQL injection vulnerability exists in qcubed `profile.php` via the `strQuery` parameter. 
This allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.", "references": [ { "reference_url": "http://qcubed.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://qcubed.com" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43055", "scoring_system": "epss", "scoring_elements": "0.97571", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.43055", "scoring_system": "epss", "scoring_elements": "0.97563", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.43055", "scoring_system": "epss", "scoring_elements": "0.97567", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.43055", "scoring_system": "epss", "scoring_elements": "0.97569", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.43055", "scoring_system": "epss", "scoring_elements": "0.97568", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.43055", "scoring_system": "epss", "scoring_elements": "0.9757", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24913" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Mar/29", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2021/Mar/29" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Mar/30", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2021/Mar/30" }, { "reference_url": "https://github.com/qcubed/qcubed", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/qcubed/qcubed" }, { "reference_url": "https://github.com/qcubed/qcubed/pull/1320/files", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/qcubed/qcubed/pull/1320/files" }, { "reference_url": "https://tech.feedyourhead.at/content/QCubed-SQL-Injection-CVE-2020-24913", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tech.feedyourhead.at/content/QCubed-SQL-Injection-CVE-2020-24913" }, { "reference_url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-02" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24913", "reference_id": "CVE-2020-24913", "reference_type": "", 
"scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24913" }, { "reference_url": "https://github.com/advisories/GHSA-8fj6-pc5r-347q", "reference_id": "GHSA-8fj6-pc5r-347q", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fj6-pc5r-347q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150086?format=api", "purl": "pkg:composer/qcubed/qcubed@3.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/qcubed/qcubed@3.2.0" } ], "aliases": [ "CVE-2020-24913", "GHSA-8fj6-pc5r-347q" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dbfe-3z2a-qkcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54137?format=api", "vulnerability_id": "VCID-zfb8-4657-vuc4", "summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes\nA PHP object injection bug in `profile.php` in qcubed deserializes the untrusted data of the POST-variable `strProfileData` and allows an unauthenticated attacker to execute code via a crafted POST request.", "references": [ { "reference_url": "http://qcubed.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://qcubed.com" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24914", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"0.37721", "scoring_system": "epss", "scoring_elements": "0.97285", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.37721", "scoring_system": "epss", "scoring_elements": "0.97291", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.37721", "scoring_system": "epss", "scoring_elements": "0.97293", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.37721", "scoring_system": "epss", "scoring_elements": "0.9729", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.37721", "scoring_system": "epss", "scoring_elements": "0.97294", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24914" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Mar/28", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2021/Mar/28" }, { "reference_url": "https://github.com/qcubed/qcubed", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/qcubed/qcubed" }, { "reference_url": "https://github.com/qcubed/qcubed/pull/1320/files", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/qcubed/qcubed/pull/1320/files" }, { "reference_url": "https://tech.feedyourhead.at/content/QCubed-PHP-Object-Injection-CVE-2020-24914", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tech.feedyourhead.at/content/QCubed-PHP-Object-Injection-CVE-2020-24914" }, { "reference_url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-01" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24914", "reference_id": "CVE-2020-24914", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24914" }, { "reference_url": "https://github.com/advisories/GHSA-7w3c-jgh7-cwjw", "reference_id": "GHSA-7w3c-jgh7-cwjw", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7w3c-jgh7-cwjw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150086?format=api", "purl": "pkg:composer/qcubed/qcubed@3.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/qcubed/qcubed@3.2.0" } ], "aliases": [ "CVE-2020-24914", "GHSA-7w3c-jgh7-cwjw" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zfb8-4657-vuc4" } ], "fixing_vulnerabilities": [], 
"risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/qcubed/qcubed@3.0.8" }