{"url":"http://public2.vulnerablecode.io/api/packages/53710?format=json","purl":"pkg:composer/intelliants/subrion@4.1.5","type":"composer","namespace":"intelliants","name":"subrion","version":"4.1.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.2.0","latest_non_vulnerable_version":"4.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38993?format=json","vulnerability_id":"VCID-cr7s-r2rz-8ybh","summary":"Cross-Site Request Forgery (CSRF)\nThere are CSRF vulnerabilities in Subrion CMS.","references":[{"reference_url":"https://github.com/intelliants/subrion/issues/547","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/547"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15063","reference_id":"CVE-2017-15063","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54397?format=json","purl":"pkg:composer/intelliants/subrion@4.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.0"}],"aliases":["CVE-2017-15063"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cr7s-r2rz-8ybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44068?format=json","vulnerability_id":"VCID-tuub-vc8w-1qbu","summary":"Cross-Site Request Forgery (CSRF)\nSubrion CMS 4.1.5 has CSRF in blog/delete/.","references":[{"reference_url":"https://github.com/intelliants/subrion/issues/477","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/477"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18366","reference_id":"CVE-2017-18366","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18366"},{"reference_url":"https://github.com/advisories/GHSA-c939-g732-48r8","reference_id":"GHSA-c939-g732-48r8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c939-g732-48r8"}],"fixed_packages":[],"aliases":["CVE-2017-18366","GHSA-c939-g732-48r8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuub-vc8w-1qbu"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38660?format=json","vulnerability_id":"VCID-ncdz-29ff-53fr","summary":"Cross-site Scripting\nA Cross-site scripting allows remote attackers to inject arbitrary web script or HTML via the body to `blog/add/`.","references":[{"reference_url":"https://github.com/intelliants/subrion/issues/467","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/467"},{"reference_url":"http://www.securityfocus.com/bid/99378","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99378"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10795","reference_id":"CVE-2017-10795","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10795"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53710?format=json","purl":"pkg:composer/intelliants/subrion@4.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cr7s-r2rz-8ybh"},{"vulnerability":"VCID-tuub-vc8w-1qbu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.5"}],"aliases":["CVE-2017-10795"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ncdz-29ff-53fr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.5"}