Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.xwiki.commons/xwiki-commons-core@5.1-milestone-2
Typemaven
Namespaceorg.xwiki.commons
Namexwiki-commons-core
Version5.1-milestone-2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.6.7
Latest_non_vulnerable_version12.10.3
Affected_by_vulnerabilities
0
url VCID-pbhx-nmva-tqcx
vulnerability_id VCID-pbhx-nmva-tqcx
summary 
Improper Control of Generation of Code ('Code Injection')
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32621
reference_id
reference_type
scores
0
value 0.00691
scoring_system epss
scoring_elements 0.72245
published_at 2026-06-05T12:55:00Z
1
value 0.00691
scoring_system epss
scoring_elements 0.72252
published_at 2026-06-06T12:55:00Z
2
value 0.00691
scoring_system epss
scoring_elements 0.72204
published_at 2026-06-04T12:55:00Z
3
value 0.00691
scoring_system epss
scoring_elements 0.72243
published_at 2026-06-09T12:55:00Z
4
value 0.00691
scoring_system epss
scoring_elements 0.72217
published_at 2026-06-08T12:55:00Z
5
value 0.00691
scoring_system epss
scoring_elements 0.72231
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32621
1
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform
2
reference_url https://github.com/xwiki/xwiki-platform/commit/bb7068bd911f91e5511f3cfb03276c7ac81100bc
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/commit/bb7068bd911f91e5511f3cfb03276c7ac81100bc
3
reference_url https://jay-from-future.github.io/cve/2021/06/17/xwiki-rce-cve.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jay-from-future.github.io/cve/2021/06/17/xwiki-rce-cve.html
4
reference_url https://jira.xwiki.org/browse/XWIKI-17794
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jira.xwiki.org/browse/XWIKI-17794
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32621
reference_id CVE-2021-32621
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32621
6
reference_url https://github.com/advisories/GHSA-h353-hc43-95vc
reference_id GHSA-h353-hc43-95vc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h353-hc43-95vc
7
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h353-hc43-95vc
reference_id GHSA-h353-hc43-95vc
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h353-hc43-95vc
fixed_packages
0
url pkg:maven/org.xwiki.commons/xwiki-commons-core@12.6.7
purl pkg:maven/org.xwiki.commons/xwiki-commons-core@12.6.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-core@12.6.7
1
url pkg:maven/org.xwiki.commons/xwiki-commons-core@12.10.3
purl pkg:maven/org.xwiki.commons/xwiki-commons-core@12.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-core@12.10.3
aliases CVE-2021-32621, GHSA-h353-hc43-95vc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pbhx-nmva-tqcx
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-core@5.1-milestone-2