{"url":"http://public2.vulnerablecode.io/api/packages/411689?format=json","purl":"pkg:pypi/onegov.form@0.10.1","type":"pypi","namespace":"","name":"onegov.form","version":"0.10.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.16.1","latest_non_vulnerable_version":"0.16.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361888?format=json","vulnerability_id":"VCID-2ct2-ksx1-pqee","summary":"This package is vulnerable to Cross-Site Scripting (XSS). When a label is rendered, the contents of the label element were not escaped.","references":[{"reference_url":"https://github.com/OneGov/onegov.form/commit/abce4e1ca620de244460f005f9d2412683552f30","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/OneGov/onegov.form/commit/abce4e1ca620de244460f005f9d2412683552f30"},{"reference_url":"https://github.com/wtforms/wtforms/issues/315","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/wtforms/wtforms/issues/315"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388768?format=json","purl":"pkg:pypi/onegov.form@0.16.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onegov.form@0.16.1"}],"aliases":["GMS-2016-128"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ct2-ksx1-pqee"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onegov.form@0.10.1"}