Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40scullyio/scully@0.0.35

Type npm

Namespace @scullyio

Name scully

Version 0.0.35

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.0.9

Latest_non_vulnerable_version 1.0.9

Affected_by_vulnerabilities

url VCID-kz8m-3122-c3dx

vulnerability_id VCID-kz8m-3122-c3dx

summary

Cross-site Scripting (XSS) in @scullyio/scully
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-28470

reference_id

reference_type

scores

value	0.003
scoring_system	epss
scoring_elements	0.53645
published_at	2026-06-06T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53608
published_at	2026-06-08T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53632
published_at	2026-06-09T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53578
published_at	2026-06-04T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53637
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-28470

reference_url

https://github.com/scullyio/scully

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scullyio/scully

reference_url

https://github.com/scullyio/scully/pull/1182

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scullyio/scully/pull/1182

reference_url

https://snyk.io/vuln/SNYK-JS-SCULLYIOSCULLY-1055829

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-SCULLYIOSCULLY-1055829

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-28470

reference_id

CVE-2020-28470

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-28470

reference_url

https://github.com/advisories/GHSA-r96p-v3cr-gfv8

reference_id

GHSA-r96p-v3cr-gfv8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r96p-v3cr-gfv8

fixed_packages

url	pkg:npm/%40scullyio/scully@1.0.9
purl	pkg:npm/%40scullyio/scully@1.0.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540scullyio/scully@1.0.9

aliases CVE-2020-28470, GHSA-r96p-v3cr-gfv8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kz8m-3122-c3dx

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540scullyio/scully@0.0.35

Package Instance