{"url":"http://public2.vulnerablecode.io/api/packages/54176?format=json","purl":"pkg:composer/drupal/core@8.5.0-alpha0","type":"composer","namespace":"drupal","name":"core","version":"8.5.0-alpha0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.4.9","latest_non_vulnerable_version":"11.2.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12226?format=json","vulnerability_id":"VCID-51ze-a1zm-ukey","summary":"XSS Vulnerability\nCKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the `image2` plugin.","references":[{"reference_url":"https://www.drupal.org/sa-core-2018-003","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-003"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54178?format=json","purl":"pkg:composer/drupal/core@8.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ef-6vth-nugg"},{"vulnerability":"VCID-163u-tpj9-skc5"},{"vulnerability":"VCID-1jfe-j1fz-juec"},{"vulnerability":"VCID-1jvt-6dac-7qc5"},{"vulnerability":"VCID-1xsh-7f63-v3df"},{"vulnerability":"VCID-3x3y-uf5e-m7hw"},{"vulnerability":"VCID-49e1-axzk-3bdq"},{"vulnerability":"VCID-4p5n-ujzt-qfdx"},{"vulnerability":"VCID-5821-1xss-8fdu"},{"vulnerability":"VCID-5qvn-f9d3-kygg"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-757r-nv73-gfhg"},{"vulnerability":"VCID-795n-caf2-fbcq"},{"vulnerability":"VCID-7qhc-n6hc-ukbu"},{"vulnerability":"VCID-9bsd-gqyd-cuh5"},{"vulnerability":"VCID-9ju9-nhf2-wfbe"},{"vulnerability":"VCID-b2x6-54c3-jqa2"},{"vulnerability":"VCID-bnw7-px2h-ubha"},{"vulnerability":"VCID-e8mp-5awh-eybz"},{"vulnerability":"VCID-ezsv-96h9-x3ah"},{"vulnerability":"VCID-f687-ubdn-37en"},{"vulnerability":"VCID-fmc9-t9a1-5fcx"},{"vulnerability":"VCID-fy43-ubmr-pfhu"},{"vulnerability":"VCID-g6px-rqtp-vqev"},{"vulnerability":"VCID-gr7c-tbh9-ayh6"},{"vulnerability":"VCID-h6c2-e5qv-myg8"},{"vulnerability":"VCID-h93x-dbpr-q7cz"},{"vulnerability":"VCID-j2g3-u36y-nqdv"},{"vulnerability":"VCID-j4r9-8g22-vydm"},{"vulnerability":"VCID-j545-f44v-w3cn"},{"vulnerability":"VCID-j59x-5swn-fuga"},{"vulnerability":"VCID-jgec-wuca-bbf1"},{"vulnerability":"VCID-ktfj-va32-2kbe"},{"vulnerability":"VCID-mhcb-rdtq-sufx"},{"vulnerability":"VCID-n6tq-72g7-afdg"},{"vulnerability":"VCID-nf7d-x5nj-d3dc"},{"vulnerability":"VCID-nfzm-eyht-kkb1"},{"vulnerability":"VCID-ngmk-qxmz-gkdz"},{"vulnerability":"VCID-nqz7-ej49-ckay"},{"vulnerability":"VCID-phkw-q4nd-m7hh"},{"vulnerability":"VCID-pyjy-13mt-cyck"},{"vulnerability":"VCID-pyqg-gfn8-vqag"},{"vulnerability":"VCID-qwwz-5n8j-9ben"},{"vulnerability":"VCID-re2h-u5bk-wqbw"},{"vulnerability":"VCID-s6ek-bjnx-9fc1"},{"vulnerability":"VCID-sbnt-qndd-xubz"},{"vulnerability":"VCID-swh1-rvuw-jqfx"},{"vulnerability":"VCID-txkf-hpah-r3hu"},{"vulnerability":"VCID-vby4-6r8z-6qgy"},{"vulnerability":"VCID-yb9a-1mp4-1kcz"},{"vulnerability":"VCID-yy7m-f66v-fbhz"},{"vulnerability":"VCID-z833-upr5-4ug5"},{"vulnerability":"VCID-zhxf-bmyy-wff6"},{"vulnerability":"VCID-zw77-b3nt-gbag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.2"}],"aliases":["SA-CORE-2018-003"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51ze-a1zm-ukey"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.0-alpha0"}