Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.platform/xwiki-platform-flamingo-skin-resources@17.4.2
Type maven
Namespace org.xwiki.platform
Name xwiki-platform-flamingo-skin-resources
Version 17.4.2
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-f43y-xyma-23av
vulnerability_id VCID-f43y-xyma-23av
summary
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
A reflected XSS vulnerability in XWiki allows an attacker to send a victim to a URL with a deletion confirmation message on which the attacker-supplied script is executed when the victim clicks the "No" button. When the victim has admin or programming right, this allows the attacker to execute basically arbitrary actions on the XWiki installation including remote code execution.
references
0
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform
1
reference_url https://github.com/xwiki/xwiki-platform/commit/cb578b1b2910d06e9dd7581077072d1cfbd280f2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/commit/cb578b1b2910d06e9dd7581077072d1cfbd280f2
2
reference_url https://jira.xwiki.org/browse/XWIKI-23244
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jira.xwiki.org/browse/XWIKI-23244
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66472
reference_id CVE-2025-66472
reference_type
scores
0
value 6.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66472
4
reference_url https://github.com/advisories/GHSA-7vpr-jm38-wr7w
reference_id GHSA-7vpr-jm38-wr7w
reference_type
scores
url https://github.com/advisories/GHSA-7vpr-jm38-wr7w
5
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vpr-jm38-wr7w
reference_id GHSA-7vpr-jm38-wr7w
reference_type
scores
0
value 6.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vpr-jm38-wr7w
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-flamingo-skin-resources@16.10.10
purl pkg:maven/org.xwiki.platform/xwiki-platform-flamingo-skin-resources@16.10.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-flamingo-skin-resources@16.10.10
1
url pkg:maven/org.xwiki.platform/xwiki-platform-flamingo-skin-resources@17.4.2
purl pkg:maven/org.xwiki.platform/xwiki-platform-flamingo-skin-resources@17.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-flamingo-skin-resources@17.4.2
aliases CVE-2025-66472, GHSA-7vpr-jm38-wr7w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f43y-xyma-23av
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-flamingo-skin-resources@17.4.2