Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@2.5.1
Type composer
Namespace moodle
Name moodle
Version 2.5.1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.5.3
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2676-n5ah-aqbh
vulnerability_id VCID-2676-n5ah-aqbh
summary
XSS via .swf files
YUI is a free, open source JavaScript and CSS framework for building richly interactive web applications.

In the vulnerable versions, the `uploader.swf` and `io.swf` utilities contain a vulnerability allowing cross-site scripting through the `.swf` files used in these components. Through a URL accessing these files, an attacker can inject script in the context of these files, potentially exposing cookies or other sensitive information.

The vulnerability resurfaced in v0.10.2, but only with `io.swf`.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=232496
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=232496
1
reference_url https://web.archive.org/web/20130909203912/http://yuilibrary.com/support/20130515-vulnerability
reference_id
reference_type
scores
url https://web.archive.org/web/20130909203912/http://yuilibrary.com/support/20130515-vulnerability
2
reference_url https://yuilibrary.com/support/20130515-vulnerability/)
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
url https://yuilibrary.com/support/20130515-vulnerability/)
3
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/332.json
reference_id 332
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/332.json
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4942
reference_id CVE-2013-4942
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-4942
5
reference_url https://github.com/advisories/GHSA-9ww8-j8j2-3788
reference_id GHSA-9ww8-j8j2-3788
reference_type
scores
url https://github.com/advisories/GHSA-9ww8-j8j2-3788
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.11
purl pkg:composer/moodle/moodle@2.2.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.11
1
url pkg:composer/moodle/moodle@2.3.8
purl pkg:composer/moodle/moodle@2.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.8
2
url pkg:composer/moodle/moodle@2.4.5
purl pkg:composer/moodle/moodle@2.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.5
3
url pkg:composer/moodle/moodle@2.5.1
purl pkg:composer/moodle/moodle@2.5.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.1
aliases CVE-2013-4942, GHSA-9ww8-j8j2-3788
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2676-n5ah-aqbh
1
url VCID-8c87-x99e-tqav
vulnerability_id VCID-8c87-x99e-tqav
summary
XSS via .swf files
YUI is a free, open source JavaScript and CSS framework for building richly interactive web applications.

In the vulnerable versions, the `uploader.swf` and `io.swf` utilities contain a vulnerability allowing cross-site scripting through the `.swf` files used in these components. Through a URL accessing these files, an attacker can inject script in the context of these files, potentially exposing cookies or other sensitive information.

The vulnerability resurfaced in v0.10.2, but only with `io.swf`.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=232496
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=232496
1
reference_url https://web.archive.org/web/20130909203912/http://yuilibrary.com/support/20130515-vulnerability
reference_id
reference_type
scores
url https://web.archive.org/web/20130909203912/http://yuilibrary.com/support/20130515-vulnerability
2
reference_url https://yuilibrary.com/support/20130515-vulnerability/)
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
url https://yuilibrary.com/support/20130515-vulnerability/)
3
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/332.json
reference_id 332
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/332.json
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4941
reference_id CVE-2013-4941
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-4941
5
reference_url https://github.com/advisories/GHSA-64r3-582j-frqm
reference_id GHSA-64r3-582j-frqm
reference_type
scores
url https://github.com/advisories/GHSA-64r3-582j-frqm
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.11
purl pkg:composer/moodle/moodle@2.2.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.11
1
url pkg:composer/moodle/moodle@2.3.8
purl pkg:composer/moodle/moodle@2.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.8
2
url pkg:composer/moodle/moodle@2.4.5
purl pkg:composer/moodle/moodle@2.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.5
3
url pkg:composer/moodle/moodle@2.5.1
purl pkg:composer/moodle/moodle@2.5.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.1
aliases CVE-2013-4941, GHSA-64r3-582j-frqm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8c87-x99e-tqav
2
url VCID-pca7-qesm-qudu
vulnerability_id VCID-pca7-qesm-qudu
summary
XSS via .swf files
YUI is a free, open source JavaScript and CSS framework for building richly interactive web applications.

In the vulnerable versions, the `uploader.swf` and `io.swf` utilities contain a vulnerability allowing cross-site scripting through the `.swf` files used in these components. Through a URL accessing these files, an attacker can inject script in the context of these files, potentially exposing cookies or other sensitive information.

The vulnerability resurfaced in v0.10.2, but only with `io.swf`.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=232496
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=232496
1
reference_url https://web.archive.org/web/20130909203912/http://yuilibrary.com/support/20130515-vulnerability
reference_id
reference_type
scores
url https://web.archive.org/web/20130909203912/http://yuilibrary.com/support/20130515-vulnerability
2
reference_url https://yuilibrary.com/support/20130515-vulnerability/)
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
url https://yuilibrary.com/support/20130515-vulnerability/)
3
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/332.json
reference_id 332
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/332.json
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4940
reference_id CVE-2013-4940
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-4940
5
reference_url https://github.com/advisories/GHSA-x5hj-47vv-53p8
reference_id GHSA-x5hj-47vv-53p8
reference_type
scores
url https://github.com/advisories/GHSA-x5hj-47vv-53p8
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.11
purl pkg:composer/moodle/moodle@2.2.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.11
1
url pkg:composer/moodle/moodle@2.3.8
purl pkg:composer/moodle/moodle@2.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.8
2
url pkg:composer/moodle/moodle@2.4.5
purl pkg:composer/moodle/moodle@2.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.5
3
url pkg:composer/moodle/moodle@2.5.1
purl pkg:composer/moodle/moodle@2.5.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.1
aliases CVE-2013-4940, GHSA-x5hj-47vv-53p8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pca7-qesm-qudu
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.1